Forums: SplunkAdministration: Intermediate cert chain installation


Hi all,
I've recently purchased a cheap SSL cert from GoDaddy for our Splunk installation. We've used them before on our internal servers, but they require a cert chain installation. You can view the Apache setup information here.

https://certs.godaddy.com/Apache1_alt.go

I've changed my local web.conf to include the key and the cert, but how do I install the chain file? All browsers complain they can't verify ownership of my Splunk installation.

Thanks,
Todd

[Revised on Sat, 22 Aug 2009 17:10:15 -0700]

Specifically, I receive the error (Error code: sec_error_unknown_issuer). I have to install the intermediate certificate for my certificate to be valid.

Bump. Anyone?

OK, so I've given up on getting Splunk to do this and I've just proxied it via a simple Apache installation. I've configured my reverse proxy as per this page:

https://apps.akeles.com/confluence/display/DOC/Using+Apache+with+mod_proxy

However, I'm running into an issue where Apache is replacing actual space characters " " and escaping them with "%20", which is causing my queries to blow up. Any way around this?

So, I'm back again. Mod_proxy can't properly proxy the URLs that have a %20 in them; it escapes the "%20" and puts in %2520. I've found that there's been a patch to the web server that Splunk uses. I'm assuming this is the correct server after digging through the SSL configuration directive in the py source files.

http://groups.google.com/group/cherrypy-users/msg/085a9f2edc920b24?pli=1

Would it be possible to apply this patch in the next release so we can do cert chains?

Thanks
Todd

Had the same problem. You have to make sure that if your RP uses SSL then Splunk also uses SSL; if your RP uses plain HTTP then so does Splunk.

To get round the %20 issue you can put in a modrewrite rule with [EN] flags at the end. I had this issue when the RP was running SSL and then forwarding to Splunk on HTTP, and this fixed it. But to avoid it in the first place, run both on SSL or both on HTTP; don't mix them.

A bit late, but http://www.splunk.com/base/Documentation/4.0.8/Admin/Serverconf

caCertFile = <filename>
* Public key of the signing authority.
* Default is cacert.pem.
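
The unknown-issuer failure discussed in this thread can be reproduced offline with openssl: a certificate signed by an intermediate CA verifies only when that intermediate is presented alongside it. This is an added example, not part of the original posts; the demo CA subjects, the host name splunk.example.test and all file names are constructed, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Constructed demo PKI (root CA -> intermediate CA -> server cert).
# Every subject, host name and file name here is made up for the example.
build_demo_pki() {
    d=$1
    # Extensions that mark the intermediate as a CA certificate.
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
    # Self-signed root: the only certificate the client trusts.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root CA" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    # Intermediate CA, signed by the root.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate CA" \
        -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null
    # Server certificate, signed by the intermediate (as with a purchased cert).
    openssl req -newkey rsa:2048 -nodes -subj "/CN=splunk.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# Client view when the server presents only its own certificate.
verify_leaf_only() {
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1 | grep -q ': OK$'
}

# Client view when the intermediate is presented along with the leaf.
verify_with_chain() {
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/leaf.pem" 2>&1 |
        grep -q ': OK$'
}

demo_dir=$(mktemp -d)
build_demo_pki "$demo_dir"
# The issuer printed here is the certificate the client is missing.
echo "Leaf issuer: $(openssl x509 -noout -issuer -in "$demo_dir/leaf.pem")"
if verify_leaf_only "$demo_dir"; then echo "leaf only: OK"; else echo "leaf only: unknown issuer"; fi
if verify_with_chain "$demo_dir"; then echo "leaf + intermediate: OK"; else echo "leaf + intermediate: FAILED"; fi
rm -rf "$demo_dir"
```

The same two `openssl verify` invocations can be pointed at a real server certificate and the CA's published intermediate bundle to confirm the chain is complete before deploying it.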