KB 016 – Splunk – Setting up a CA signed certificate in Splunk
“c:\program files\splunk\bin\openssl” genrsa -des3 -out mySplunkWebPrivateKey.key 2048 -config “C:\Program Files\Splunk\openssl.cnf”
“c:\program files\splunk\bin\openssl” rsa -in mySplunkWebPrivateKey.key -out mySplunkWebPrivateKey.key
File has changed size (KEY has been removed)
“c:\program files\splunk\bin\openssl” rsa -in mySplunkWebPrivateKey.key -text
“c:\program files\splunk\bin\openssl” req -new -key mySplunkWebPrivateKey.key -out mySplunkWebCert.csr -config “C:\Program Files\Splunk\openssl.cnf”
.csr file needs to be sent to a CA
https://www.rapidsslonline.com/
Click GENERATE
Save the intermediate cert as myCA
Copy mySplunkWebCert.pem+myCACert.pem+mySplunkWebPrivateKey.key mySplunkServerCertificate
Copy the CA ROOT (download this from the CA) to CACert.pem (this is different from myCACert.pem which is actually the intermediate we got form the above”
Edit local\server.conf
[sslConfig]
caCertFile = myCACertificate.pem
caPath = $SPLUNK_HOME\etc\auth\mycerts
sslKeysfile = mySplunkServerCErtificate.pem
sslKeysfilePassword = $1$lM4bAMo=