Splunk® Enterprise

Securing Splunk Enterprise

Download manual as PDF

Splunk Enterprise version 5.0 reached its End of Life on December 1, 2017. Please see the migration information.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Turn on encryption (https) with Splunk Web

This topic explains how to use the Splunk Web Manager to enable HTTPS for browser to Splunk Web communication. Splunk can listen on HTTPS or HTTP, but not both.

The simple encryption that can be turned on in Splunk Web uses the default certificate that is provided in the "out of box" installation. Since every installation provides the same default certificate, this method is not highly secure. If security is a priority, Splunk strongly recommends you change the default certificate and configure authentication for better security. See "Secure Splunk Web with your own certificate" for information about replacing the default certificates.

To enable HTTPS through Splunk Manager:

1. Navigate to Manager > System settings > General Settings.

2. Go to the Enable SSL (HTTPS) in Splunk Web setting and select the Yes radio button.

Splunk is already set to point to the default certificates when encryption is turned on. The following default configuration can be found in $SPLUNK_HOME/etc/auth/web.conf:

enableSplunkWebSSL = true
privKeyPath = etc/auth/splunkweb/privkey.pem
caCertPath = etc/auth/splunkweb/cert.pem

3. Restart Splunk Web.

You must now prepend "https://" to the URL you use to access Splunk Web.

About securing Splunk Web
Turn on encryption (https) using web.conf

This documentation applies to the following versions of Splunk® Enterprise: 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters