Splunk® Enterprise

Securing Splunk Enterprise

Acrobat logo Download manual as PDF

Splunk Enterprise version 7.1 is no longer supported as of October 31, 2020. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Things to know about your certificates

Make sure you are using a compatible version of OpenSSL

Make sure that you are using the version of OpenSSL provided with Splunk by setting your environment to the version in $SPLUNK_HOME/lib in *nix or $SPLUNK_HOME/bin in Windows.

Decide between self-signed or third-party certificates

Self-signed certificates are best used for browser to Splunk Web communication that happens within an organization or between known entities where you can add your own CA to all browser stores that will contact Splunk Web. For any other scenario, CA-signed certificates are recommended. See "Get certificates signed by a third party for Splunk Web" for more information.

Remove your password from browser certificates

When you create a new private key for Splunk Web, you must generate a new private key and remove the password. We recommend that you generate a new private key espcially for browser to Splunk Web encryption so that you do not remove the password from the keys you use elsewhere.

1. Generate a new private key:

2. When prompted, create a password.

3. Remove the password from your key. (Splunk Web does not currently support password-protected private keys.)

In *nix:

$SPLUNK_HOME/bin/splunk cmd openssl rsa -in mySplunkWebPrivateKey.key -out mySplunkWebPrivateKey.key

In Windows:

$SPLUNK_HOME\bin\splunk cmd openssl rsa -in mySplunkWebPrivateKey.key -out mySplunkWebPrivateKey.key

You can make sure your password is gone by issuing the following command:

In *nix:

$SPLUNK_HOME/bin/splunk cmd openssl rsa -in mySplunkWebPrivateKey.key -text

In Windows:

$SPLUNK_HOME\bin\splunk cmd openssl rsa -in mySplunkWebPrivateKey.key -text

You should be able to read the contents of your certificate without providing a password.

Create a single PEM file for Splunk

Combine your server certificate and public certificates, in that order, into a single PEM file.

Set up certificate chains for Splunk

To use multiple certificates, append the intermediate certificate to the end of the server's certificate file in the following order:

[ server certificate]
[ intermediate certificate]
[ root certificate (if required) ]

So for example, a certificate chain might look like this:

... (certificate for your server)...
... (the intermediate certificate)...
... (the root certificate for the CA)...
Last modified on 13 June, 2022
About creating certificates for Splunk
About cipher suites and TLS encryption

This documentation applies to the following versions of Splunk® Enterprise: 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters