KB 016 – Splunk – Setting up a CA signed certificate in Splunk

“c:\program files\splunk\bin\openssl” genrsa -des3 -out mySplunkWebPrivateKey.key 2048 -config “C:\Program Files\Splunk\openssl.cnf”

“c:\program files\splunk\bin\openssl” rsa -in mySplunkWebPrivateKey.key -out mySplunkWebPrivateKey.key

File has changed size (KEY has been removed)

“c:\program files\splunk\bin\openssl” rsa -in mySplunkWebPrivateKey.key -text

“c:\program files\splunk\bin\openssl” req -new -key mySplunkWebPrivateKey.key -out mySplunkWebCert.csr -config “C:\Program Files\Splunk\openssl.cnf”

.csr file needs to be sent to a CA

https://www.rapidsslonline.com/

Click GENERATE

Save the intermediate cert as myCA

Copy mySplunkWebCert.pem+myCACert.pem+mySplunkWebPrivateKey.key mySplunkServerCertificate

Copy the CA ROOT (download this from the CA) to CACert.pem (this is different from myCACert.pem which is actually the intermediate we got form the above”

Edit local\server.conf

[sslConfig]

caCertFile = myCACertificate.pem

caPath = $SPLUNK_HOME\etc\auth\mycerts

sslKeysfile = mySplunkServerCErtificate.pem

sslKeysfilePassword = $1$lM4bAMo=

Download PDF version here