How to prepare TLS certificates for use with the Splunk platform
Configure Splunk indexing and forwarding to use TLS certificates
Configure TLS certificates for inter-Splunk communication
Configure Splunk Web to use TLS certificates
Test and troubleshoot TLS connections
export LD_LIBRARY_PATH=/opt/splunk/lib/:$LD_LIBRARY_PATH
export SPLUNK_HOME=/opt/splunk/
mkdir $SPLUNK_HOME/etc/auth/mycerts
cd $SPLUNK_HOME/etc/auth/mycerts
/opt/splunk/bin/openssl genrsa -aes256 -out myServerPrivateKey.key 2048
openssl req -new -key myServerPrivateKey.key -out myServerCertificate.csr
openssl x509 -req -in myServerCertificate.csr -sha512 -signkey myServerPrivateKey.key -CAcreateserial -out myServerCertificate.pem -days 3650
chown -R splunk:splunk /opt/splunk
nano /opt/splunk/etc/system/local/web.conf
[settings]
enableSplunkWebSSL = true
privKeyPath = /opt/splunk/etc/auth/mycerts/myServerPrivateKey.key
serverCert = /opt/splunk/etc/auth/mycerts/myServerCertificate.pem
sslPassword = password
cd /opt/splunk/etc/auth
mv server.pem server.pem.bkp
chown -R splunk:splunk /opt/splunk
/opt/splunk/bin/splunk restart
openssl x509 -in server.pem -text
The following command will generate a private key file without a password from your .pfx file (requires password):
openssl pkcs12 -in certificate.pfx -out privateKey.key -nocerts -nodes
The following command will generate a .pem certificate file from your .pfx file which will include any intermediate and root certificates that may be included in the .pfx file. (requires password):
openssl pkcs12 -in certificate.pfx -out certificate.pem -nokeys -clcerts
/opt/splunk/etc/auth