KB 095 – Splunk – Create Self-signed SSL Certificate V2

Splunk: Create a Self-signed SSL Certificate

The purpose of this document is to show the process to generate a self-signed SSL certificate for Splunk that matches the fully qualified domain name (FQDN) of the Splunk server.

By default Splunk is delivered with a certificate called SplunkServerDefaultCert. However, for SAP to connect to Splunk the certificate must match the hostname of the server.

Verify the current certificate name

Connect to port 8089 of your Splunk server through a web browser using the following format:
https://<Fully Qualified Domain Name>:8089

Accept to continue to the website

Click on the “Certificate (invalid)” message and then select “View Certificate”

You can see the certificate does not match the FQDN of the server.

Initial Steps

Log on through RDP to the Splunk server and start a DOS command window

Change directory to the $SPLUNK_HOME\etc\auth directory of the Splunk installation

Make a directory called “myCerts” using the command “mkdir myCerts”

Change to the myCerts directory

Create Root Certificate Authority

Create a Certificate Authority Private Key

"C:\Program Files\Splunk\bin\openssl.exe" genrsa -aes256 -passout pass:1234 -out myCAPrivateKey.key 2048 -config "C:\Program Files\Splunk\openssl.cnf"

Remove the passphrase from the private key

"C:\Program Files\Splunk\bin\openssl.exe" rsa -passin pass:1234 -in myCAPrivateKey.key -out myCAPrivateKey.key

Create Root Certificate Request

Use the following command to generate a request for the root certificate. In the example below I called my root CA SplunkCA.bnwconsulting.com.au

"C:\Program Files\Splunk\bin\openssl.exe" req -new -key myCAPrivateKey.key -out myCACertificate.csr -config "C:\Program Files\Splunk\openssl.cnf"

Sign Certificate Request

Sign the certificate request with the Root CA private key.

"C:\Program Files\Splunk\bin\openssl.exe" x509 -req -in myCACertificate.csr -sha512 -signkey myCAPrivateKey.key -CAcreateserial -out myCACertificate.pem -days 1095

Create Server Certificate

Create server private key

Create a private key for the server certificate

"C:\Program Files\Splunk\bin\openssl.exe" genrsa -aes256 -passout pass:1234 -out myServerPrivateKey.key 2048 -config "C:\Program Files\Splunk\openssl.cnf"

Remove the passphrase from the private key

"C:\Program Files\Splunk\bin\openssl.exe" rsa -passin pass:1234 -in myServerPrivateKey.key -out myServerPrivateKey.key

Create Server Certificate request

Use the following command to generate a certificate request that will be signed by the root CA you have created. The name used must match the FQDN of your Splunk server. In the example below I am generating a request for Splunk66x.bnwconsulting.com.au

"C:\Program Files\Splunk\bin\openssl.exe" req -new -key myServerPrivateKey.key -out myServerCertificate.csr -config "C:\Program Files\Splunk\openssl.cnf"

Sign Server Certificate Request

Use the following command to generate a response for the Server Certificate request from the Root CA Certificate.

"C:\Program Files\Splunk\bin\openssl.exe" x509 -req -in myServerCertificate.csr -sha256 -CA myCACertificate.pem -CAkey myCAPrivateKey.key -CAcreateserial -out myServerCertificate.pem -days 1095

Import Response

Import the Certificate response into the Splunk Server Certificate

copy myServerCertificate.pem+myServerPrivateKey.key+myCACertificate.pem mySplukServerCertificate.pem

mySplukServerCertificate.pem is now the SSL Certificate for your server.
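
A pre-flight check on the files created above, run in PowerShell from the myCerts directory before Splunk is reconfigured. This is an added example, not part of the original KB; `$ExpectedFqdn` is a placeholder to set to your server's FQDN, and the file names and openssl path are the ones used on this page.

```powershell
# Added example: check the files in myCerts before pointing server.conf at them.
# Assumptions: run from the myCerts directory; $ExpectedFqdn is a placeholder.
$openssl      = 'C:\Program Files\Splunk\bin\openssl.exe'
$ExpectedFqdn = 'splunk.example.com'
$failures     = @()

# 1. The server certificate must chain to the root CA certificate.
$verify = & $openssl verify -CAfile myCACertificate.pem myServerCertificate.pem 2>&1 | Out-String
if ($LASTEXITCODE -ne 0 -or $verify -match 'error \d+ at') {
    $failures += 'myServerCertificate.pem does not verify against myCACertificate.pem'
}

# 2. Certificate and private key must be one key pair: compare the RSA moduli.
$certMod = & $openssl x509 -in myServerCertificate.pem -noout -modulus
$keyMod  = & $openssl rsa  -in myServerPrivateKey.key  -noout -modulus
if (-not $certMod -or $certMod -ne $keyMod) {
    $failures += 'myServerPrivateKey.key does not belong to myServerCertificate.pem'
}

# 3. The subject CN must be the FQDN that clients connect to.
#    Handles both "/CN=host" and "CN = host" subject output styles.
$subject   = & $openssl x509 -in myServerCertificate.pem -noout -subject
$cnPattern = 'CN\s*=\s*' + [regex]::Escape($ExpectedFqdn) + '\s*($|[,/])'
if ("$subject" -notmatch $cnPattern) {
    $failures += "subject '$subject' has no CN equal to $ExpectedFqdn"
}

# 4. The bundle must hold server certificate, private key, CA certificate,
#    in the order given to the copy command.
$blocks = Select-String -Path mySplukServerCertificate.pem -Pattern '^-----BEGIN (.+)-----' |
    ForEach-Object { $_.Matches[0].Groups[1].Value }
if (($blocks -join ',') -notmatch '^CERTIFICATE,(RSA )?PRIVATE KEY,CERTIFICATE$') {
    $failures += "unexpected bundle layout: $($blocks -join ', ')"
}

if ($failures) {
    $failures | ForEach-Object { Write-Warning $_ }
} else {
    'All certificate checks passed.'
}
```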

Update Splunk configuration

Certificate files

The following files will now exist in the “myCerts” directory

Root CA Files

  • myCACertificate.csr
  • myCACertificate.pem
  • myCACertificate.srl
  • myCAPrivateKey.key

Server Certificate Files

  • myServerCertificate.csr
  • myServerCertificate.pem
  • myServerPrivateKey.key
  • mySplukServerCertificate.pem

Update Splunk SSL settings

Navigate to the $SPLUNK_HOME\etc\system\local directory

Open server.conf and search for [sslConfig]

[sslConfig]
sslPassword = xxxxxxxxxxxx

Replace the information under [sslConfig] with the following information

[sslConfig]
caCertFile = myCACertificate.pem
caPath = $SPLUNK_HOME\etc\auth\mycerts
sslKeysfile = mySplukServerCertificate.pem
sslKeysfilePassword = 1234

Save and close

Restart the Splunkd Windows service

Test new certificate

Connect to port 8089 of your Splunk server through a web browser using the following format:
https://<Fully Qualified Domain Name>:8089

Accept to continue to the website

Click on the “Certificate error” message and then select “View Certificate”

Verify that the “Issued to” name of the certificate matches the server name shown in the browser’s address bar.
