Documentation > Splunk > Admin Manual > Secure access to Splunk with HTTPS

Admin Manual

 


Welcome
What to do first
Start Splunk
Meet Splunk Web and Splunk Apps
Before you configure
Add data and configure inputs
Indexing and event processing
Timestamps
Add and manage users
Manage indexes
Define alerts
Set up backups and retention policies
Configure data security
Set up forwarding and receiving
Deploy to other Splunk instances
Set up distributed search
Manage search jobs
Use Splunk's command line interface (CLI)
Configuration file reference
Troubleshooting

Secure access to Splunk with HTTPS

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Contents

Secure access to Splunk with HTTPS

You can enable HTTPS via Splunk Web or web.conf. You can also enable SSL through separate configurations. Splunk can listen on HTTPS or HTTP, but not both.

Important: If you are using Firefox 3, enabling SSL for a Splunk deployment may result in an "invalid security exception" being displayed in the browser. Refer to this workaround documentation for more information.

Enable HTTPS using Splunk Web

To enable HTTPS in Splunk Web, navigate to Manager > System settings and set the radio button labeled Enable SSL (HTTPS) in Splunk Web?.

Note: You must restart Splunk to enable the new settings. Also, you must now append "https://" to the URL you use to access Splunk Web.

Enable HTTPS by editing web.conf

In order to enable HTTPS, modify web.conf. Edit this file in $SPLUNK_HOME/etc/system/local/, or your own custom application directory in $SPLUNK_HOME/etc/apps/. For more information on configuration files in general, see how configuration files work. 

[settings]
httpport = <port number>
enableSplunkWebSSL = true

Once you have made the changes to web.conf, you must restart Splunk for the changes to take effect.

Certificates

The certificates used for SSL between Splunk Web and the client browser is located in $SPLUNK_HOME/share/splunk/certs/. You can replace the self-signed default certificate with your own.

The certificates for SSL are specified in web.conf. You can change the defaults to your own certificate names. 

privKeyPath = /certs/privkey.pem
caCertPath = /certs/cert.pem

Restart Splunk Web from the CLI for your changes to take effect. To use Splunk's CLI, navigate to the $SPLUNK_HOME/bin/ directory and use the ./splunk command. 

./splunk restart splunkweb

If your self-signed certificate for Splunk Web expires, you can generate a new one by deleting cert.pem and privkey.pem in $SPLUNK_HOME/share/splunk/certs/.

Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.0.3/Admin/SecureaccesstoSplunkwithHTTPS"

This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10 , 4.0.11 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!