Documentation > Splunk > Admin Manual > Use SSL (HTTPS) for secure access to Splunk Web

Admin Manual

 


Welcome to Splunk administration
What to do first
Use Splunk Web
Getting started for Windows admins
Manage Splunk licenses
Meet Splunk apps
Configure Splunk
Indexing with Splunk
Manage users
Manage indexes
Define alerts
Set up backups and retention policies
Configure data security
Manage search jobs
Use Splunk's command line interface (CLI)
Configuration file reference
Troubleshooting

Use SSL (HTTPS) for secure access to Splunk Web

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Contents

Use SSL (HTTPS) for secure access to Splunk Web

You can enable HTTPS (SSL) access from the browser to Splunk Web. You configure SSL through Splunk Manager or web.conf. Splunk can listen on HTTPS or HTTP, but not both.

You can also use SSL for intra-Splunk communication over the management port and forwarder to receiver communication.

Note: Splunk Web does not currently support SSL key passphrases.

Important: If you are using Firefox 3, enabling SSL for a Splunk deployment may result in an "invalid security exception" being displayed in the browser. Refer to this workaround documentation for more information.

Enable HTTPS using Splunk Manager

To enable HTTPS through Splunk Manager, navigate to Manager > System settings > General Settings and select the Yes radio button underneath the Enable SSL (HTTPS) in Splunk Web setting.

Note: You must restart Splunk to enable the new settings. Also, you must now append "https://" to the URL you use to access Splunk Web.

Enable HTTPS by editing web.conf

You can enable HTTPS through web.conf. Edit this file in $SPLUNK_HOME/etc/system/local/, or your own custom application directory in $SPLUNK_HOME/etc/apps/. For more information on configuration files in general, see how configuration files work. 

[settings]
httpport = <port number>
enableSplunkWebSSL = true
  • httpport
    • Set the port number to your HTTPS port.
  • enableSplunkWebSSL
    • Set this key to true to enable SSL for Splunk Web.

Once you have made the changes to web.conf, you must restart Splunk for the changes to take effect.

Change HTTPS certificates by editing web.conf

The certificates used for SSL between Splunk Web and the client browser are located in $SPLUNK_HOME/etc/auth/splunkweb.

Important: Splunk STRONGLY recommends that you DO NOT use the default Splunk Web certificate. Use of the default Splunk Web certificate will not result in confidential data transmission.

The certificates to use for Splunk Web HTTPS are specified in web.conf under the [settings] stanza. 

[settings]
...
privKeyPath = etc/auth/splunkweb/privkey.pem
caCertPath = etc/auth/splunkweb/cert.pem

Restart Splunk Web from the CLI for your changes to take effect:

  • On *nix systems, navigate to $SPLUNK_HOME/bin/ and enter: 
      # ./splunk restart splunkweb
  • On Windows, go to %SPLUNK_HOME%\bin and enter: 
      > splunk restart

Note: After changing the Splunk Web certificate, users may receive certificate warnings or be prompted by their browser to accept the new certificate.

Examples

Use a third-party certificate for Splunk Web

  • Follow the instructions to generate a new certificate signing request (CSR) and receive a new certificate from your organization's root certificate authority here.
    • Use the following openssl command on *nix:
      • openssl req -new -key $SPLUNK_HOME/etc/auth/splunkweb/privkey.pem -out $SPLUNK_HOME/etc/auth/splunkweb/newcert.csr
    • Use the following openssl command on Windows:
      • openssl.exe req -new -key $SPLUNK_HOME\etc\auth\splunkweb\privkey.pem -out $SPLUNK_HOME\etc\auth\splunkweb\newcert.csr
    • Optionally, you can generate or supply an alternative private key
  • Copy the certificate received from your CA into $SPLUNK_HOME/etc/auth/splunkweb/newcert.pem.
  • Create or modify the following entry under the [settings] stanza in $SPLUNK_HOME/etc/system/local/web.conf
    • caCertPath=etc/auth/splunkweb/newcert.pem
  • Restart Splunk Web
    • $SPLUNK_HOME/bin/splunk restart splunkweb

Use genWebCert.py to generate a new private key and create a new self-signed Splunk Web certificate

  • Follow the instructions for creating a new root certificate here
  • Issue the following commands: 
$ cd $SPLUNK_HOME
$ mv ./etc/auth/splunkweb/privkey.pem ./etc/auth/splunkweb/privkey.pem.old
$ mv ./etc/auth/splunkweb/cert.pem ./etc/auth/splunkweb/cert.pem.old
$ ./bin/splunk cmd python ./bin/genWebCert.py
 
Generating a 1024 bit RSA private key
.....++++++
..............++++++
writing new private key to 'privkeySecure.pem'
-----
Signature ok
subject=/CN=example.splunk.com/O=SplunkUser
Getting CA Private Key
writing RSA key

$ ./bin/splunk restart splunkweb
  • You can also use the above procedure to generate a new self-signed certificate if your self-signed certificate has expired.
Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.2/Admin/SecureaccesstoSplunkwithHTTPS"

This documentation applies to the following versions of Splunk: 4.2 , 4.2.1 , 4.2.2 , 4.2.3 , 4.2.4 , 4.2.5 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!