Things to know about your certificates
Make sure you are using a compatible version of OpenSSL
Make sure that you are using the version of OpenSSL provided with Splunk by setting your environment to the version in
$SPLUNK_HOME/lib in *nix or
$SPLUNK_HOME/bin in Windows.
Decide between self-signed or third-party certificates
Self-signed certificates are best used for browser to Splunk Web communication that happens within an organization or between known entities where you can add your own CA to all browser stores that will contact Splunk Web. For any other scenario, CA-signed certificates are recommended. See "Get certificates signed by a third party for Splunk Web" for more information.
Remove your password from browser certificates
When you create a new private key for Splunk Web, you must generate a new private key and remove the password. We recommend that you generate a new private key espcially for browser to Splunk Web encryption so that you do not remove the password from the keys you use elsewhere.
1. Generate a new private key:
2. When prompted, create a password.
3. Remove the password from your key. (Splunk Web does not currently support password-protected private keys.)
$SPLUNK_HOME/bin/splunk cmd openssl rsa -in mySplunkWebPrivateKey.key -out mySplunkWebPrivateKey.key
$SPLUNK_HOME\bin\splunk cmd openssl rsa -in mySplunkWebPrivateKey.key -out mySplunkWebPrivateKey.key
You can make sure your password is gone by issuing the following command:
$SPLUNK_HOME/bin/splunk cmd openssl rsa -in mySplunkWebPrivateKey.key -text
$SPLUNK_HOME\bin\splunk cmd openssl rsa -in mySplunkWebPrivateKey.key -text
You should be able to read the contents of your certificate without providing a password.
Create a single PEM file for Splunk
Combine your server certificate and public certificates, in that order, into a single PEM file.
Set up certificate chains for Splunk
To use multiple certificates, append the intermediate certificate to the end of the server's certificate file in the following order:
[ server certificate] [ intermediate certificate] [ root certificate (if required) ]
So for example, a certificate chain might look like this:
-----BEGIN CERTIFICATE----- ... (certificate for your server)... -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- ... (the intermediate certificate)... -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- ... (the root certificate for the CA)... -----END CERTIFICATE-----
About creating certificates for Splunk
About cipher suites and TLS encryption
This documentation applies to the following versions of Splunk® Enterprise: 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6