How to prepare your signed certificates for Splunk authentication

Once you have your certificates, you must combine the server certificate and your keys into a single file that Splunk software can use.

If you do not have your certificates and need help getting them, we provide some basic examples using OpenSSL in the following topics:

• How to self-sign certificates.
• How to get certificates signed by a third party.

Note: Make sure your certificates and public key are in x509 format and that your private key is in RSA format.

Create a single PEM file

Combine your server certificate and public certificate, in that order, into a single PEM file.

For the examples here, we are using the file names described in "How to self-sign certificates" and "How to get certificates signed by a third party."

The following is an example for *nix:

cat myServerCertificate.pem myServerPrivateKey.key myCACertificate.pem > myNewServerCertificate.pem

The following is an example for Windows:

 >type myServerCertificate.pem myServerPrivateKey.key myCACertificate.pem > myNewServerCertificate.pem

Once created, the contents of the file myNewServerCertificate.pem should contain, in the following order:

• The server certificate (myServerCertificate.pem)
• The private key (myServerPrivateKey.key)
• The certificate authority public key (myCACertificate.pem)

Here's an example of a properly concatenated certificate:

        -----BEGIN CERTIFICATE-----
        MIICUTCCAboCCQCscBkn/xey1TANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJV
        ...
        <Server Certificate>
        ...
        8/PZr3EuXYk1c+N5hgIQys5a/HIn
        -----END CERTIFICATE-----
        -----BEGIN RSA PRIVATE KEY-----
        Proc-Type: 4,ENCRYPTED
        DEK-Info: DES-EDE3-CBC,CFCECC7976725DE5
        
        S+DPcQ0l2Z1bk71N3cBqr/nwEXPNDQ4uqtecCd3iGMV3B/WSOWAQxcWzhe9JnIsl
        ...
        <Server Private Key – Passphrase protected>
        ...
        -----END RSA PRIVATE KEY-----
        -----BEGIN CERTIFICATE-----
        MIICUTCCAboCCQCscBkn/xey1TANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJV
        ...
        <Certificate Authority Public Key>
        ...
        8/PZr3EuXYk1c+N5hgIQys5a/HIn

        -----END CERTIFICATE-----

How to configure certificate chains

To use multiple certificates, append the intermediate certificate to the end of the server's certificate file. You can add as many certificates you need to in decreasing order of hierarchy, up to the root.

The certificates should be concatenated in the following order:

[ server certificate]
[ intermediate certificate]
[ root certificate (if required) ]

So for example, a certificate chain might look like this:

	
-----BEGIN CERTIFICATE-----
... (certificate for your server)...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
... (the intermediate certificate)...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
... (the root certificate for the CA)...
-----END CERTIFICATE-----

In another example, when using Splunk Forwarder to Indexer Certificates that contain a Private Key, the completed certificate file might look like this :

-----BEGIN CERTIFICATE-----
... (certificate for your server)...
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
...<Server Private Key – Passphrase protected>
 -----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
... (certificate for your server)...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
... (the intermediate certificate)...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
... (the root certificate for the CA)...
-----END CERTIFICATE-----

Next steps

Now that you have the certificates you need, you must configure Splunk software to find and use them:

• See "Configure Splunk forwarding to use your own certificates" to learn more about configuring certificate authentication for forwarding.
• See "About securing inter-Splunk communication" to learn more about configuring certificate authentication for inter-Splunk communications.