About securing Splunk Web
Information transmitted to Splunk Web mostly consists of search requests and results.
Note that browser to Splunk Web transmission does not always need to be secured. For example, if your users only access Splunk Web from a local browser behind the same firewall as Splunk Web, security may not be a concern. In this case simple encryption using Splunk's default certificates might be adequate.
- For information about the default certificate for Splunk Web, see Turn on encryption (https) with Splunk Web. or Turn on encryption (https) using web.conf.
- For information about SSL for forwarding with the default certificate, see Configure Splunk forwarding to use the default certificate.
To turn on basic encryption, see Turn on encryption (https) with Splunk Web.
On the other hand, if your Splunk configuration lives in a distributed environment where Splunk Web is accessed from browsers outside of firewalls from varied locations, stronger security should be implemented using signed certificates. For information about configuring Splunk Web to use signed certificates, see Secure Splunk Web using your own certificate.
There are several ways you can use signed certificates to improve security for your browser to Splunk Web communications:
- For secured encryption with authentication, you can replace the default certificate with a signed certificate.
You replace the default certificate provided by Splunk with one that you request from a trusted Certificate Authority. This is the most secure option and recommended if security is a concern.
For more information about obtaining CA certificates for Splunk deployments, see Get certificates signed by a third-party for Splunk Web."
Note that you may also use self-signed certificates to secure authentication, however, because they are signed by you rather than a known and trusted Certificate Authority, browsers will not have you as a CA in their certificate store and as a result will not trust you or your certificates. For self-signed certificates to be effective you would need the ability to add your certificate to a the certificate store of every single browser that will access Splunk Web.
For more information about creating self-signed certificates for Splunk deployments, see Self-sign certificates for Splunk Web.
- When you use a signed certificate, you can further strengthen your SSL configuration by turning on common name checking.
Common name checking adds an extra layer of security by requiring that the common name provided in the certificates on each communicating instance are a match. You can enable common name checking when setting up your certificate and configure Splunk Enterprise to check for that common name when authenticating.
For more information about configuring Splunk Enterprise to use certificates and learn more about common name checking, see Secure Splunk Web using your own certificate.
Working with multiple intermediate certificates | Turn on HTTPS encryption for Splunk Web with Splunk Web |
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12
Feedback submitted, thanks!