Related Answers
Download topic as PDF
Secure Splunk Web with your own certificate
This example assumes that you have already generated self-signed certificates or purchased third-party certificates. If you have not done this and are unsure how to proceed, we've provided some simple examples:
Note: Splunk Web does not currently support password-protected private keys. You should remove the password from your key before configuring Splunk Web for the certificate.
Before you begin: Copy your certificates to a new folder
Copy the server certificate to your own certificate repository in $SPLUNK_HOME/etc/auth.
In the following example our web certificate is called mySplunkWebCertificate.pem and our private key is called mySplunkWebPrivateKey.key:
*nix:
Windows:
copy $SPLUNK_HOME\etc\auth\mycerts\mySplunkWebCertificate.pem $SPLUNK_HOME\etc\auth\splunkweb\ copy $SPLUNK_HOME\etc\auth\mycerts\mySplunkWebPrivateKey.key $SPLUNK_HOME\etc\auth\splunkweb\
Configure Splunk Web to use the key and certificate files
Note: Splunk Web does not support passwords for private keys, so you must remove the password from the key before using the key to secure Splunk Web.
1. In $SPLUNK_HOME/etc/system/local/web.conf (or any other applicable location, if you are using a deployment server), make the following changes to the [settings] stanza:
The following is an example of an edited settings stanza:
[settings] enableSplunkWebSSL = true privKeyPath = </home/user/certs/myprivatekey.pem> Absolute paths may be used. non-absolute paths are relative to $SPLUNK_HOME serverCert = </home/user/certs/mycacert.pem> Absolute paths may be used. non-absolute paths are relative to $SPLUNK_HOME
2. Restart Splunk Web:
|
PREVIOUS Turn on encryption (https) using web.conf |
NEXT Troubleshoot your Splunk Web authentication |
This documentation applies to the following versions of Splunk® Enterprise: 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10
Feedback submitted, thanks!