Provide the requested information for your certificate. When prompted, provide the password you created foryour private key myServerPrivateKey.key.ģ. Openssl req–new -key myServerPrivateKey.key -out myServerCertificate.csr -config “E:\Program Files\Splunk\openssl.cnf”Ģ. Use your private key myServerPrivateKey.key to generate a CSR for your server certificate: Generate a new Certificate Signing Request (CSR)ġ. You will use this key to sign your Certificate Signing Request (CSR). When you are done, a new private key myServerPrivateKey.key is created in your directory. When prompted, create a password for your key. Openssl genrsa -des3 -out myServerPrivateKey.key 2048 -config E:\Program Files\Splunk\openssl.cnfĢ. The following example uses DES3 encryption and a 2048 bit key length, we recommend a key length of 2048 or higher. Generate a private key for your server certificateġ. Working in a new directory protects the certificates that ship with Splunk and lets you use them for other Splunk components as necessary.Ĭreate and sign a Certificate Signing Request (CSR) to send to your Certificate Authority. Splunk strongly recommends that you make a new folder so that you do not overwrite the existing certificates in $SPLUNK_HOME/etc/auth for your new certificates and keys. Mkdir E:\Program Files\Splunk\etc\auth\mycerts2Ĭd E:\Program Files\Splunk\etc\auth\mycerts2 Make sure that you are using the version of OpenSSL provided with Splunk Enterprise by setting your environment to the version in $SPLUNK_HOME/splunk/lib in *nix or %SPLUNK_HOME%/splunk/bin in Windows.Ĭreate a new directory for your certificatesĬreate a new directory to work from when creating your certificates. See the Administration Guide to learn more about working with Windows and *nix. For most Unix platforms, the default installation directory is at /opt/splunk. ![]() On Windows, the Splunk Enterprise directory is at C:\Program Files\Splunk by default. On Windows, you might need to set this variable at the command line or in the Environment tab in the System Properties dialog. In this discussion, $SPLUNK_HOME (%SPLUNK_HOME% on Windows) refers to the Splunk Enterprise installation directory. Obtain third-party certificates that you can use to secure your forwarder-to-indexer and inter-Splunk communication. ![]() This topic describes one way you can use the version of OpenSSL that ships with Splunk Enterprise to How to get certificates signed by a third-party Customer wants to use a CA signed certificate, to ensure the certificate issues by Splunk matches the hostname being used to access the restAPI which is a requirement for HTTPS / SSL to function.Splunk – Adding a CA signed certificate to the restAPI HTTPS port
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |