This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10
You can enable HTTPS via Splunk Web or web.conf. You can also enable SSL through separate configurations. Splunk can listen on HTTPS or HTTP, but not both.
Important: If you are using Firefox 3, enabling SSL for a Splunk deployment may result in an "invalid security exception" being displayed in the browser. Refer to this workaround documentation for more information.
To enable HTTPS in Splunk Web, navigate to Manager > System settings and set the radio button labeled Enable SSL (HTTPS) in Splunk Web?.
Note: You must restart Splunk to enable the new settings. Also, you must now append "https://" to the URL you use to access Splunk Web.
In order to enable HTTPS, modify web.conf. Edit this file in $SPLUNK_HOME/etc/system/local/, or your own custom application directory in $SPLUNK_HOME/etc/apps/. For more information on configuration files in general, see how configuration files work.
[settings] httpport = <port number> enableSplunkWebSSL = true
httpport
enableSplunkWebSSL
Once you have made the changes to web.conf, you must restart Splunk for the changes to take effect.
The certificates used for SSL between Splunk Web and the client browser is located in $SPLUNK_HOME/share/splunk/certs/. You can replace the self-signed default certificate with your own.
The certificates for SSL are specified in web.conf. You can change the defaults to your own certificate names.
privKeyPath = /certs/privkey.pem caCertPath = /certs/cert.pem
Restart Splunk Web from the CLI for your changes to take effect. To use Splunk's CLI, navigate to the $SPLUNK_HOME/bin/ directory and use the ./splunk command.
./splunk restart splunkweb
If your self-signed certificate for Splunk Web expires, you can generate a new one by deleting cert.pem and privkey.pem in $SPLUNK_HOME/share/splunk/certs/.