How do i use intermediate SSL chain certs on splunk?

We are Using Godaddy SSL certificates for our internal systems. These require us to install a certificate chain with intermediate certificates.
How can I install these certificates in to splunk? I have tried concatenating the issued cert for our server (splunk.domain.com) on to the intermediate cert, but this has not fixed the issue. Apache has a configuration option for an intermediate cert, but I can't find any documentation on how to set this up with the splunk Python server.

Our cert info and recommended procedures.

http://help.godaddy.com/article/5346

asked 27 Apr '10, 21:02

Chris R.
1.0k●1●26
accept rate: 36%

please specify whether you mean on SplunkWeb or Splunkd. The procedures and configuration are different.

(27 Apr '10, 23:44) gkanapathy ♦

This is for splunkweb

(28 Apr '10, 00:22) Chris R.

Okay. Please indicate the exact steps you have taken, indicating which files you have started with, what operations you did on each file, what files you resulted with, and where you configured them.

(28 Apr '10, 00:54) gkanapathy ♦

2 Answers:

oldest newest most voted

You need to bundle the intermediate and the server certificate into a single certificate, by concatenating the certficates together (the right type, and in the right order) and set that as the server certificate. In addition of course the root CA that signed the intermediate certificate as well as all intermediary certificates must be in the browser certificate stores. Note also that there is a difference between SSL keys and SSL certificates (slightly different file formats), and that Splunk uses PEM certificates files.

link

answered 28 Apr '10, 00:58

gkanapathy ♦
26.2k●1●6●22
accept rate: 42%

edited 04 Mar '11, 22:37

hexx ♦
7.5k●1●9●40

Hi gkanaphy, thanks for the response. I thought I'd already done that correctly. Here are the steps I've followed.

Follow the Godaddy instructions to generate your key file and CSR. Once you have downloaded the certs, follow this readme (which is on the server as well) to create proper cert files.

The following files are generated by open ssl to upload to godaddy. Just follow standard apache tutorials online to generate a private key.

splunk.key
splunk.csr

Once the csr is uploaded, then the ssl cert is downloaded. The 2 cert files from godaddy are

splunk.crt
gd_bundle.crt

You'll then want to convert the private key to an rsa private key.

openssl rsa -in splunk.key -out splunk.rsa.key

Create a PEM file for splunk by using the following command.

cat splunk.crt gd_bundle.crt > splunk.pem

Copy this to

/opt/splunk/share/splunk/certs/

Use the following files for splunk

key => splunk.rsa.key cert => splunk.pem

I edited $SPLUNK_HOME/etc/system/local/web.conf and set the following values

[settings]
httpport = 443
enableSplunkWebSSL = 1
privKeyPath = /certs/splunk.rsa.key
caCertPath = /certs/splunk.pem

This works for most of my browsers. However Chrome and Safari still tell me my certificate is not issued by a valid authority.

link

answered 28 Apr '10, 23:52

todd8063
1●1
accept rate: 0%

edited 29 Apr '10, 22:55

Post your answer

toggle preview

Follow this question

Email:

RSS:

Answers

Answers + Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "Title")
image?![alt text](/path/img.jpg "Title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Tags:

splunk-web ×104
ssl ×65

Asked: 27 Apr '10, 21:02

Seen: 1,395 times

Last updated: 04 Mar '11, 22:37

How do i use intermediate SSL chain certs on splunk?

Follow this question

Splunk Resources

Related questions