Configure Splunk Web to use TLS certificates
You can use transport layer security (TLS) certificates to secure connections between Splunk Web and your browser.
The certificates you use can replace the default certificates that Splunk provides. You can either obtain certificates from a certificate authority, or create and sign them yourself.
Prerequisites for configuring Splunk Web to use TLS certificates
- One or more TLS certificates.
- You can either obtain third party certificates from a certificate authority, or create and sign them yourself
- After you get the certificates, you must prepare the certificates for use with Splunk platform instances
- The certificates must be in Privacy-Enhanced Mail format and comply with the x.509 public key certificate standard
- You must have a private key file for each certificate file.
- The key files that come with the certificates must be in RSA security format.
Configure Splunk Web to use TLS certificates
Follow this procedure to configure Splunk Enterprise to use TLS certificates for Splunk Web.
When you configure Splunk Enterprise to use TLS certificates, upon restart, it changes the file permissions on the certificates so that only the user that Splunk Enterprise runs as has full access. This is by design, in line with security industry standards, and cannot be changed.
- Open or create a local web.conf configuration file for the Search app in
$SPLUNK_HOME/etc/system/local
. If you use a deployment server, you can create this file in any application directory that you make available to the deployment server for download to deployment clients. - Under the
[settings]
stanza, configure the path to the file that contains the web server SSL certificate private key file and the path to the Splunk web server certificate file.You may use absolute paths when you configure these settings by prepending a
/
to the path. Non-absolute paths are relative to the Splunk installation directory ($SPLUNK_HOME). If you use a non-absolute path, do not add$SPLUNK_HOME
to the pathThe following example shows an edited settings stanza:
[settings] enableSplunkWebSSL = true privKeyPath = /opt/splunk/etc/auth/mycerts/mySplunkWebPrivateKey.key serverCert = /opt/splunk/etc/auth/mycerts/mySplunkWebCertificate.pem
- Save the file and close it.
- Restart the Splunk Enterprise instance:
# $SPLUNK_HOME/bin/splunk restart splunkd
Next step
Confirm that the forwarder and indexer configurations work properly. See Test and troubleshoot TLS connections.
Configure TLS certificates for inter-Splunk communication | Test and troubleshoot TLS connections |
This documentation applies to the following versions of Splunk® Enterprise: 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2
Feedback submitted, thanks!