Community:SplunkWeb SSL DefaultCerts

From Splunk Wiki

Jump to: navigation, search

Configuring SplunkWeb to use the default SSL certificates that ship with Splunk

This is the simplest configuration to set up SplunkWeb to send encrypted but non-secure information.

Important: If the confidentiality of data transmission between Splunkweb and its clients is very important to you. Splunk STRONGLY recommends that you DO NOT use the default SplunkWeb certificate.

1 - Point SplunkWeb to the default private key and certificate files :

  • In $SPLUNK_HOME/etc/system/local/web.conf (or any other applicable location, if you are using deployment server), make the following changes under the [settings] stanza :

[settings]
enableSplunkWebSSL = true
privKeyPath = etc/auth/splunkweb/privkey.pem
caCertPath = etc/auth/splunkweb/cert.pem

"privKeyPath" points to the private RSA key used by SplunkWeb to encode the data it sends out. Remember that this key is *not* and should not be protected by a pass phrase.

"caCertPath" points to a PEM file containing the server certificate concatenated with the CA certificate.

Important : As of Splunk 4.2, per the web.conf spec file for Splunk 4.2, the paths to the private key and certificate can be relative to $SPLUNK_HOME or absolute.
If you are using Splunk 4.0.x or 4.1.x, these paths are relative to $SPLUNK_HOME/share/splunk. Check the web.conf spec file for Splunk 4.1 for more details.

2 - Restart SplunkWeb for the changes to take effect :

# $SPLUNK_HOME/bin/splunk restart splunkweb

Troubleshooting :

If there are any issues, look in web_service.log first. Ideally, tail -f that file while you restart SplunkWeb and watch for SSL configuration warnings :
# tail -f $SPLUNK_HOME/var/log/splunk/web_service.log

For example, if you provide an incorrect path to the server certificate declared in "caCertPath", the following error will appear :

2010-12-21 16:25:02,804 ERROR [4d11455df3182e6710] root:442 - [Errno 2] No such file or directory: '/opt/splunk/share/splunk/mycerts/mySplunkWebCertificate.pem'
...and SplunkWeb will fail to start.

Note that there will be no error printed out if the RSA private key configured with "privKeyPath" is pass phrase-protected, however your browser will be unable to load any page served by SplunkWeb.

Personal tools
Hot Wiki Topics


About Splunk >
  • Search and navigate IT data from applications, servers and network devices in real-time.
  • Download Splunk