Series: Splunk TLS - Securing 8089

  • Linux Server (i.e. an old converted desktop running RHEL 8):
    - Internal Certificate Authority (internalCA), Splunk host, and all-around bash box.
  1. Access/SSH to your Splunk Instance, and elevate/become the splunk user
  2. Navigate to your Splunk apps directory
    cd /opt/splunk/etc/apps
  3. Make a new directory; we'll call it secure8089
    mkdir -p secure8089/{certs,local,metadata} && cd secure8089
  4. Fill out your app.conf and local.meta files with the boilerplate entries:
    # metadata/local.meta
    []
    export = system

    # app.conf
    # App for securing port 8089 calls

    # Concatenate the Splunk Web certificate and its key into the server.pem that serverCert points to
    cat ../webTLS/certs/splunkWeb.pem ../webTLS/certs/splunkWeb.key > certs/server.pem

    # server.conf
    [sslConfig]
    enableSplunkdSSL = true
    cliVerifyServerName = true
    sslVerifyServerCert = true
    sslRootCAPath = $SPLUNK_HOME/etc/apps/secure8089/certs/homeCA.pem
    serverCert = $SPLUNK_HOME/etc/apps/secure8089/certs/server.pem
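
An offline check of the two files the [sslConfig] settings above point at, as an added example that is not part of the original post: it confirms that server.pem holds a certificate and its matching key, that the certificate chains to the CA in sslRootCAPath, and that it is valid for the host name clients will use. The function name and its three arguments are assumptions for illustration.

```bash
# Added example, not from the original post.
# Usage (paths and host name are yours): check_splunkd_bundle homeCA.pem server.pem splunk.host.name
check_splunkd_bundle() {
    ca=$1 bundle=$2 host=$3
    [ -n "$host" ] && [ -r "$ca" ] && [ -r "$bundle" ] ||
        { echo "need a readable CA file, a readable bundle and a host name" >&2; return 2; }

    # 1. server.pem must contain both the certificate and a private key
    grep -q -e '-----BEGIN CERTIFICATE-----' "$bundle" ||
        { echo "no certificate in $bundle" >&2; return 3; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$bundle" ||
        { echo "no private key in $bundle" >&2; return 3; }

    # 2. The key must belong to the certificate: compare the two public keys.
    #    Assumes an unencrypted key (the stanza above sets no sslPassword).
    cert_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null || true)
    key_pub=$(sed -n '/-----BEGIN .*PRIVATE KEY-----/,/-----END .*PRIVATE KEY-----/p' "$bundle" |
        openssl pkey -pubout -passin pass: 2>/dev/null || true)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match certificate" >&2; return 4; }

    # 3. The certificate must chain to the CA named in sslRootCAPath
    openssl verify -CAfile "$ca" "$bundle" >/dev/null 2>&1 ||
        { echo "certificate does not verify against $ca" >&2; return 5; }

    # 4. With cliVerifyServerName = true, the name clients connect to must be in the cert
    openssl x509 -in "$bundle" -noout -checkhost "$host" 2>/dev/null | grep -q 'does match' ||
        { echo "certificate is not valid for host $host" >&2; return 6; }

    echo "OK: $bundle matches its key, chains to $ca, and is valid for $host"
}
```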

T-Rex

A data loving dinosaur, usually found on http://splk.it/slack Trust Cohort 2018,2019,2020,2021; Amateur Cook, (he/him)