Splunk® Enterprise

Release Notes

Download manual as PDF

Splunk Enterprise version 5.0 reached its End of Life on December 1, 2017. Please see the migration information.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Workaround for SSL configuration for users of Firefox 3

Caution: The workaround described in this topic is not to be used in high-security environments, or any install that uses custom SSL certs. Custom SSL certificates are the only way to solve this issue in a security-conscious manner.

Background

Firefox 3 tightened its security defaults to deny any SSL certificates that are mismatched. By default, Splunk uses a self-signed SSL certificate with the following details:

  • Issuer (signing authority): CN=SplunkCommonCA, O=Splunk
  • Issued to: CN=SplunkServerDefaultCert, O=SplunkUser

Since SplunkCommonCA is not a trusted CA (like Verisign, Thawte, etc.) and 'SplunkCerverDefaultCert' does not equal 'localhost', this is enough to trigger the security exception.

By adding the Splunk certificate to your browser's exception list, you are asserting that you trust this certificate/hostname combination.

Symptoms

This applies to environments that satisfy all of the following prerequisites:

1. Browsing via Firefox 3

2. Accessing Splunk version 3.2+

3. splunkd is set in server.conf to have enableSplunkdSSL=true

4. Hitting the splunkd management port directly from the browser, i.e. https://localhost:8089/services

- OR -

1. Browsing via Firefox 3

2. Accessing Splunk version 3.0+

3. splunkweb is set in web.conf to have enableSplunkWebSSL=true

4. Hitting Splunk Web from the browser, for example: https://localhost:8000

When accessing the splunkd REST endpoints or SSL-enabled Splunk Web via Firefox 3, the browser returns with an 'invalid security exception' message. There are 2 manifestations of this error message:

Message A:

SSLConfigWorkaround-Picture9.png

Message B:

SSLConfigWorkaround-Picture8.png

Workaround

Caution: This workaround is not to be used in high-security environments, or any install that uses custom SSL certs. Custom SSL certificates are the only way to solve this issue in a security-conscious manner.

If your error message is like Message B, then you can skip to step 2.

1. Open the Certificate Manager

  • Click the 'Firefox' menu.
  • Select the 'Preferences' menu item.
  • Click the 'Advanced' tab.
  • Click the 'Encryption' tab.
  • Click the 'View Certificates' button.

2. Add your splunkd certificate to the certificate exceptions

  • Click the 'servers' tab
  • Click the 'Add Exception...' button
  • Copy/paste or type in the full URI of your splunkd server, for example, https://localhost:8089
  • Click the 'Get Certificate' button (at this point, the certificate status page should show some info about the certificate).
  • Click the 'Confirm Security Exception' button (You should now be back on the servers tab, with a new Splunk certificate listed).
PREVIOUS
Splunk Enterprise and anti-virus products
  NEXT
Workaround for network accessibility issues on Splunk Windows systems under certain conditions

This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters