Secure Splunk Web with your own certificate

This example assumes that you have already generated self-signed certificates or purchased third-party certificates. If you have not done this and are unsure how to proceed, we've provided some simple examples:

• Self-sign certificates for Splunk Web.
• Get a certificates signed by a third-party for Splunk Web.

Note: Splunk Web does not currently support password-protected private keys. You should remove the password from your key before configuring Splunk Web for the certificate.

Before you begin: Copy your certificates to a new folder

Copy the server certificate to your own certificate repository in $SPLUNK_HOME/etc/auth.

In the following example our web certificate is called mySplunkWebCertificate.pem and our private key is called mySplunkWebPrivateKey.key:

*nix:

Windows:

copy $SPLUNK_HOME\etc\auth\mycerts\mySplunkWebCertificate.pem $SPLUNK_HOME\etc\auth\splunkweb\

copy $SPLUNK_HOME\etc\auth\mycerts\mySplunkWebPrivateKey.key $SPLUNK_HOME\etc\auth\splunkweb\

Configure Splunk Web to use the key and certificate files

Note: Splunk Web does not support passwords for private keys, so you must remove the password from the key before using the key to secure Splunk Web.

1. In $SPLUNK_HOME/etc/system/local/web.conf (or any other applicable location, if you are using a deployment server), make the following changes to the [settings] stanza:

The following is an example of an edited settings stanza:

[settings]
enableSplunkWebSSL = true
privKeyPath = </home/user/certs/myprivatekey.pem> Absolute paths may be used. non-absolute paths are relative to $SPLUNK_HOME
serverCert = </home/user/certs/mycacert.pem> Absolute paths may be used. non-absolute paths are relative to $SPLUNK_HOME

2. Restart Splunk Web: