How to use arbitrary self-signed certificates for SSL communication in Splunk Web
- release date
- 2019-03-08
- last updated
- 2023-12-05
- version
- Splunk Enterprise 9.0.3
- Overview
To use a self-signed certificate of your choice for SSL communication with Splunk Web, you need to prepare a certificate in a form Splunk accepts and edit the configuration file.
Certificate preparation
- Prepare root CA certificate in PEM format, server certificate and private key file
- Combine the root CA certificate and server certificate into a single file
- Prepare a private key file that is not password protected
Splunk configuration
- Set the path of the combined certificate (root CA + server certificate) and private key file in web.conf
- Reference information
- content
Certificate preparation
If you use a self-signed certificate for SSL communication with Splunk Web, you need a PEM-formatted server certificate and a private key file for the server certificate.
The server certificate must be combined with the root CA certificate into one file. Join the files using the Linux cat command or the Windows type command.
Splunk Web does not support a password-protected private key for the server certificate, so prepare a private key file that is not password protected.
The command examples below assume that you have created a working directory to store the prepared certificate and private key files and have moved into that directory before running them.
<Work directory>
$SPLUNK_HOME/etc/auth/mycert
* $SPLUNK_HOME is the installation directory. The default paths are as follows.
Linux : /opt/splunk
Windows : C:\Program Files\Splunk
<Certificate files>
Root CA certificate file - rootCACert.pem
Server certificate file - serverCert.pem
<Example of command execution on Linux>
cat ./rootCACert.pem >> ./serverCert.pem
<Example of command execution on Windows>
type rootCACert.pem >> serverCert.pem
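The checks below are an added example, not part of the original FAQ and not Macnica's or Splunk's code: a text-level pre-flight check of the files prepared above, written in Python so that it runs on both Linux and Windows. It assumes the root CA file holds a single certificate; the function names and the sample PEM data are constructed for illustration.

```python
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return (label, body with whitespace removed) for each PEM block."""
    return [(label, "".join(body.split())) for label, body in PEM_BLOCK.findall(text)]

def check_splunk_web_pems(combined_pem, root_ca_pem, key_pem):
    """Return a list of layout problems; an empty list means the files look right.

    Text-level checks only: no signature, expiry or key/certificate match test.
    """
    problems = []
    combined = pem_blocks(combined_pem)
    certs = [body for label, body in combined if label == "CERTIFICATE"]
    roots = [body for label, body in pem_blocks(root_ca_pem) if label == "CERTIFICATE"]
    keys = pem_blocks(key_pem)
    if any("PRIVATE KEY" in label for label, _ in combined):
        problems.append("certificate file contains a private key")
    if len(roots) != 1:
        problems.append("root CA file must hold exactly one certificate")
    elif len(certs) < 2:
        problems.append("root CA has not been appended to the server certificate")
    else:
        if certs[0] == roots[0]:
            problems.append("root CA is first; the server certificate must be first")
        if certs[-1] != roots[0]:
            problems.append("root CA is not the last certificate")
        if len(set(certs)) != len(certs):
            problems.append("duplicate certificate; was the append command run twice?")
    if len(keys) != 1 or "PRIVATE KEY" not in keys[0][0]:
        problems.append("key file must hold exactly one private key")
    elif keys[0][0] == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in key_pem:
        problems.append("private key is password protected")
    return problems

# Constructed placeholder PEM data (not real certificates or keys).
def make_pem(label, body):
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

SERVER = make_pem("CERTIFICATE", "U0VSVkVSLUNFUlQ=")
ROOT = make_pem("CERTIFICATE", "Uk9PVC1DQS1DRVJU")
KEY = make_pem("PRIVATE KEY", "UExBSU4tS0VZ")

if __name__ == "__main__":
    print(check_splunk_web_pems(SERVER + ROOT, ROOT, KEY))         # correct layout
    print(check_splunk_web_pems(SERVER + ROOT + ROOT, ROOT, KEY))  # appended twice
```

Pass the contents of the combined serverCert.pem, of rootCACert.pem and of the private key file. Because the append commands use `>>`, running them a second time adds the root CA again, which the duplicate check reports.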
Configuring Splunk Web
To access Splunk Web from a browser using your own self-signed certificate, you must set the paths of the server certificate and of the server certificate's private key in web.conf.
Adjust the file paths of the server certificate and its private key to match your actual files.
The file path can be an absolute path or a relative path starting with $SPLUNK_HOME.
<Setting file>
$SPLUNK_HOME/etc/system/local/web.conf
<Setting example>
[settings]
enableSplunkWebSSL = true
privKeyPath = <file path of the server certificate's private key>
serverCert = <file path of the server certificate>
You must restart the Splunk service for the settings to take effect. After editing the file, run the following command to restart Splunk.
<Restart command>
$SPLUNK_HOME/bin/splunk restart
Operation confirmation method
After completing the settings, access Splunk Web with a browser and check that the screen is displayed and that the server certificate is the prepared self-signed certificate.
In the example configuration above, you can access Splunk Web at the following URL:
https://<server FQDN or IP address>:8000/
In charge of Macnica Splunk Co., Ltd.
- TEL:045-476-2010
- E-mail:splunk-sales@macnica.co.jp
Mon-Fri 8:45-17:30