Documentation: 3.3.4
This page last updated: 07/28/08 03:07pm

Workaround for SSL configuration for users of Firefox 3

Caution: The workaround described in this topic is not to be used in high-security environments, or any install that uses custom SSL certs. Custom SSL certificates are the only way to solve this issue in a security-conscious manner.

Background

Firefox 3 tightened its security defaults to deny any SSL certificates that are mismatched. By default, Splunk uses a self-signed SSL certificate with the following details:

  • Issuer (signing authority): CN=SplunkCommonCA, O=Splunk
  • Issued to: CN=SplunkServerDefaultCert, O=SplunkUser

Because SplunkCommonCA is not a CA that the browser trusts (like Verisign, Thawte, etc.) and the certificate's common name, 'SplunkServerDefaultCert', does not equal the hostname in the URL ('localhost'), this is enough to trigger the security exception.

By adding the Splunk certificate to your browser's exception list, you are asserting that you trust this certificate/hostname combination.
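The two conditions described above can be checked from the command line before deciding whether an install still needs custom certificates. The following is an added example, not part of the original Splunk documentation: it parses the text printed by `openssl x509 -noout -subject -issuer` and reports why a browser would reject the certificate for a given URL. The function names, the finding labels and the sample certificates other than the Splunk default are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Default certificate identity, as listed on this page.
DEFAULT_ISSUER_CN = "SplunkCommonCA"
DEFAULT_SUBJECT_CN = "SplunkServerDefaultCert"

def parse_dn(line):
    """Parse a 'subject=' or 'issuer=' line into {attribute: value}.

    Handles both OpenSSL layouts: '/CN=a/O=b' and 'CN = a, O = b'.
    Simplification: values containing ',' or '/' are not supported.
    """
    dn = line.split("=", 1)[1].strip()
    parts = dn.strip("/").split("/") if dn.startswith("/") else re.split(r",\s*", dn)
    attrs = {}
    for part in parts:
        key, _, value = part.partition("=")
        attrs[key.strip()] = value.strip()
    return attrs

def audit(url, openssl_text, trusted_issuer_cns=()):
    """Return the reasons a browser would reject this certificate for url."""
    host = (urlsplit(url).hostname or "").lower()
    subject, issuer = {}, {}
    for line in openssl_text.splitlines():
        if line.startswith("subject"):
            subject = parse_dn(line)
        elif line.startswith("issuer"):
            issuer = parse_dn(line)
    findings = []
    # Assumption: trust is modelled as an allow-list of issuer CNs; a real
    # browser validates the whole chain against its trust store.
    if issuer.get("CN") not in trusted_issuer_cns:
        findings.append("untrusted-issuer")
    # Assumption: only the CN is compared; subjectAltName is ignored.
    if subject.get("CN", "").lower() != host:
        findings.append("hostname-mismatch")
    if (issuer.get("CN"), subject.get("CN")) == (DEFAULT_ISSUER_CN, DEFAULT_SUBJECT_CN):
        findings.append("splunk-default-cert")
    return findings

# Constructed sample input (not captured from a real server), in the form
# printed by: openssl x509 -noout -subject -issuer
SAMPLE_DEFAULT = "subject= /CN=SplunkServerDefaultCert/O=SplunkUser\nissuer= /CN=SplunkCommonCA/O=Splunk\n"
SAMPLE_CUSTOM = "subject=CN = localhost, O = Example\nissuer=CN = Example Internal CA, O = Example\n"

if __name__ == "__main__":
    print(audit("https://localhost:8089", SAMPLE_DEFAULT))
    print(audit("https://localhost:8000", SAMPLE_CUSTOM, {"Example Internal CA"}))
```

An endpoint reported as `splunk-default-cert` is one where only a custom certificate resolves the warning in a security-conscious manner, as the caution on this page states.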

Symptoms

This applies to environments that satisfy all of the following prerequisites:

1. Browsing via Firefox 3
2. Accessing Splunk version 3.2+
3. splunkd is set in server.conf to have enableSplunkdSSL=true
4. Hitting the splunkd management port directly from the browser, i.e. https://localhost:8089/services

- OR -

1. Browsing via Firefox 3
2. Accessing Splunk version 3.0+
3. splunkweb is set in web.conf to have enableSplunkWebSSL=true
4. Hitting Splunk Web from the browser, for example: https://localhost:8000

When accessing the splunkd REST endpoints or SSL-enabled Splunk Web via Firefox 3, the browser returns an 'invalid security exception' message. There are two manifestations of this error message:

Message A:

http://www.splunk.com/assets/doc-images/SSLConfigWorkaround/Picture9.png

Message B:

http://www.splunk.com/assets/doc-images/SSLConfigWorkaround/Picture8.png

Workaround

Caution: This workaround is not to be used in high-security environments, or any install that uses custom SSL certs. Custom SSL certificates are the only way to solve this issue in a security-conscious manner.

If your error message is like Message B, then you can skip to step 2.

1. Open the Certificate Manager

  • Click the 'Firefox' menu.
  • Select the 'Preferences' menu item.
  • Click the 'Advanced' tab.
  • Click the 'Encryption' tab.
  • Click the 'View Certificates' button.

2. Add your splunkd certificate to the certificate exceptions

  • Click the 'servers' tab.
  • Click the 'Add Exception...' button.
  • Copy/paste or type in the full URI of your splunkd server, for example, https://localhost:8089
  • Click the 'Get Certificate' button (at this point, the certificate status page should show some info about the certificate).
  • Click the 'Confirm Security Exception' button (You should now be back on the servers tab, with a new Splunk certificate listed).