Splunk® DB Connect

Deploy and Use Splunk DB Connect

Configure Splunk DB Connect to support requireClientCert=true

Follow the instructions below to allow DB Connect to provide a client certificate while communicating with Splunk components.

  1. Set requireClientCert=false in $SPLUNK_HOME/etc/system/local/server.conf
  2. Use cert.pem and privkey.pem from $SPLUNK_HOME/etc/auth/splunkweb, or generate a new Private Key and Certificate signed by the CA under $SPLUNK_HOME/etc/auth/ca.pem
  3. Copy cert.pem and privkey.pem to $SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs. Note that we use a naming convention, we expect the certificate and private key to be named cert.pem and privkey.pem.
  4. Open Splunk DB Connect and navigate to Configuration > Settings > Keystore, click New Client Certificate and then copy the content from cert.pem to Certificate field and the content from privkey.pem (in PKCS8 format) to Private Key field, then click Save.
  5. Verify privkey.pem is in PKCS8 format:

    PKCS8 contains a header as BEGIN PRIVATE KEY and PKCS1 as BEGIN RSA PRIVATE KEY

  6. Convert privkey.pem to PKCS8 if needed using $SPLUNK_HOME/bin/splunk cmd openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in privkey.pem -out privkey-pkcs8.pem
  7. Set requireClientCert=true in $SPLUNK_HOME/etc/system/local/server.conf
  8. Restart Splunk.
Last modified on 15 February, 2024
Configure Splunk DB Connect settings   Configure Splunk DB Connect security and access controls

This documentation applies to the following versions of Splunk® DB Connect: 3.16.0, 3.17.0, 3.17.1, 3.17.2

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters