Configure Splunk DB Connect to support requireClientCert=true
Follow the instructions below to allow DB Connect to provide a client certificate while communicating with Splunk components.
- Set
requireClientCert=false
in$SPLUNK_HOME/etc/system/local/server.conf
- Use cert.pem and privkey.pem from
$SPLUNK_HOME/etc/auth/splunkweb
, or generate a new Private Key and Certificate signed by the CA under$SPLUNK_HOME/etc/auth/ca.pem
- Copy cert.pem and privkey.pem to
$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs
. Note that we use a naming convention, we expect the certificate and private key to be named cert.pem and privkey.pem. - Open Splunk DB Connect and navigate to
Configuration > Settings > Keystore
, click New Client Certificate and then copy the content from cert.pem to Certificate field and the content from privkey.pem (in PKCS8 format) to Private Key field, then click Save. - Verify privkey.pem is in PKCS8 format:
PKCS8 contains a header as
BEGIN PRIVATE KEY
and PKCS1 asBEGIN RSA PRIVATE KEY
- Convert privkey.pem to PKCS8 if needed using
$SPLUNK_HOME/bin/splunk cmd openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in privkey.pem -out privkey-pkcs8.pem
- Set
requireClientCert=true
in$SPLUNK_HOME/etc/system/local/server.conf
- Restart Splunk.
Configure Splunk DB Connect settings | Configure Splunk DB Connect security and access controls |
This documentation applies to the following versions of Splunk® DB Connect: 3.18.0
Feedback submitted, thanks!