Posts tagged ‘siem’

How to install a wildcard SSL certificate on the Splunk Web

Hi Guys

If you come across a situation where you need to install / renew a wildcard certificate (* on the Splunk Web Instance you can follow the below guidelines .The main purpose of this guide is to help fellow splunk engineers on a similar situation. Since , I did not find a proper guide neither in Splunk Portal nor via the Google searches. ,

  • If it is a standard SSL certificate please follow the detailed splunk guide line
  • In case if you want to convert it to crt to pem format use the command line “openssl x509 -in cert.crt -out cert.pem”
  • My commands are based on openssl utility in a Linux Server.
  • Already a CSR has been created on another server (a Windows Server) and the wildcard certificate has been obtained from the SSL vendor .Thereafter ,we have installed certificate on that Server and then exported the SSL certifcate(as .pfx format with the private key) to be imported to all other servers including our Splunk Server.

Now let’s go in to the steps

  • Do not create a seperate private key as quoated in the above guide. No need to create a CSR on the Splunk Server as well.
  • Copy the Intermediate Root certificate to the Splunk Server and convert it to a pem
    openssl x509 -in MyRoot.crt -out MyRoot.pem
  • Copy the .pfx file to the Splunk Server and extract the private key. , and when it prompts for the password , Enter the password you entered when you created /exported the pfx certificate
    #openssl pkcs12 -in certificate.pfx -out privatekey.key -nocerts -nodes
  • Now extract the Server Key certificate ,and and when it prompts for the password , Enter the password when you created /exported the pfx certificate
    #openssl pkcs12 -in certificate.pfx -out certificate.pem -nokeys -clcerts
  • Now you can verify the MD5 hashes for the above using the below commands. It must match.
    #openssl x509 -noout -modulus -in certificate.pem |openssl md5
    #openssl rsa -noout -modulus -in privatekey.key |openssl md5

    The final step is to combine the server certificate and the root certificate in to a single .pem file.
    # cat certificate.pem MyRoot.pem >> MySplunkWebCert.pem

That’s it , now you can point the privatekey.key and MySplunkWebCert.pem(The combined one which will include the Server Certifcate and the Root Certificate) as per the guidelines

NOTE : I have not focused on the paths and the file names . so please ensure you add the file paths and the names according to your environment.



March 14, 2023 at 12:37 pm Leave a comment



Follow Hope you like it.. on

Blog Stats

  • 65,264 hits

%d bloggers like this: