Splunk: Create self-signed certificate
To use the Splunk Edge Processor I need a certificate for the Splunk API communication. Edge Processor is really strict about this, so I need to create a self-signed certificate that carries the server name in a subjectAltName (SAN) entry.
create CA
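cd "$SPLUNK_HOME/etc/auth/mycerts"
# generate ca private key
# -aes-256-cbc encrypts the key file; openssl prompts for the passphrase.
# Whoever holds this key and its passphrase can issue certificates that every
# system trusting this CA will accept, so keep both under tight control.
/opt/splunk/bin/splunk cmd openssl genpkey -aes-256-cbc -algorithm RSA -out myCertAuthPrivateKey.key -pkeyopt rsa_keygen_bits:2048
# create ca.conf
vim ca.conf
# generate csr
/opt/splunk/bin/splunk cmd openssl req -new -key myCertAuthPrivateKey.key -out myCertAuthCertificate.csr -config ca.conf
# create cert (self-signed with the CA key, valid 1095 days)
# -extensions v3_ca is required here: `openssl x509 -extfile` does not read the
# x509_extensions setting in [req], so without it the [v3_ca] section is skipped
# and the certificate is issued without basicConstraints CA:TRUE / keyUsage.
/opt/splunk/bin/splunk cmd openssl x509 -req -in myCertAuthCertificate.csr -sha512 -signkey myCertAuthPrivateKey.key -CAcreateserial -out myCertAuthCertificate.pem -days 1095 -extensions v3_ca -extfile ca.conf
# check: "CA:TRUE" must appear under "X509v3 Basic Constraints"
/opt/splunk/bin/splunk cmd openssl x509 -in myCertAuthCertificate.pem -text -noout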
# ca.conf
# OpenSSL configuration for the private CA certificate.
[req]
distinguished_name = req_distinguished_name
# x509_extensions is consulted by `openssl req -x509` only. When the certificate
# is created with `openssl x509 -req -extfile ca.conf`, the section has to be
# selected with `-extensions v3_ca`, otherwise none of [v3_ca] is applied.
x509_extensions = v3_ca
# take the subject from this file instead of prompting
prompt = no
[req_distinguished_name]
# placeholder values; C has to be a two-letter country code
C = country
O = myOrganisation
CN = Internal CA
[v3_ca]
# marks the certificate as a CA; "critical" makes verifiers reject it if they
# cannot process the extension
# NOTE(review): there is no pathlen limit, so this CA could also sign
# subordinate CAs - consider pathlen:0 if it only ever signs server certificates
basicConstraints = critical,CA:TRUE
# the key may only sign certificates and CRLs, not act as a TLS endpoint key
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
create Server Certificate
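# work in the directory that holds the CA files, so every relative file name
# below resolves to the same place (server.conf later points at etc/auth/mycerts)
cd "$SPLUNK_HOME/etc/auth/mycerts"
# create config
vim myServer.conf
# generate the server private key unless it already exists
# the passphrase entered here is the one sslPassword in server.conf has to carry
[ -f myServerPrivateKey.key ] || "$SPLUNK_HOME/bin/splunk" cmd openssl genpkey -aes-256-cbc -algorithm RSA -out myServerPrivateKey.key -pkeyopt rsa_keygen_bits:2048
# generate csr with config
"$SPLUNK_HOME/bin/splunk" cmd openssl req -new -key myServerPrivateKey.key -out myServerCertificate.csr -config myServer.conf
# sign request
# -extensions v3_req -extfile myServer.conf copies the SAN and key usage into the
# issued certificate; extensions requested in the CSR are not carried over on their own
"$SPLUNK_HOME/bin/splunk" cmd openssl x509 -req -in myServerCertificate.csr -CA myCertAuthCertificate.pem -CAkey myCertAuthPrivateKey.key -CAcreateserial -out myServer.pem -days 1095 -extensions v3_req -extfile myServer.conf
# verify
# the text dump should list the server name under "X509v3 Subject Alternative Name"
"$SPLUNK_HOME/bin/splunk" cmd openssl x509 -in myServer.pem -text -noout
# must print "myServer.pem: OK"
"$SPLUNK_HOME/bin/splunk" cmd openssl verify -CAfile myCertAuthCertificate.pem myServer.pem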
# myServer.conf
# OpenSSL configuration for the server CSR and, via -extfile/-extensions v3_req,
# for the extensions of the signed server certificate.
[req]
distinguished_name = req_distinguished_name
# extensions written into the CSR
req_extensions = v3_req
# take the subject from this file instead of prompting
prompt = no
[req_distinguished_name]
# placeholder values; C has to be a two-letter country code
C = Country
O = My Organisation
CN = server.name
[v3_req]
# end-entity certificate: it must not be usable to sign other certificates
basicConstraints = CA:FALSE
# NOTE(review): digitalSignature and keyEncipherment cover TLS with an RSA key;
# nonRepudiation is not needed for TLS and could be dropped
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# clientAuth additionally allows this certificate to be presented as a TLS
# client certificate; remove it if the certificate is only ever used server-side
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names
[alt_names]
# must be exactly the host name clients use to reach the server; further names
# go in DNS.2, DNS.3, ... and IP addresses in IP.1, IP.2, ...
DNS.1 = server.name
combine to certificate bundle
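# combine: server certificate, then its private key, then the CA certificate
# The bundle contains the server private key, so it is created inside a subshell
# with umask 077 and chmod'ed afterwards (the chmod covers a file that already
# existed with looser permissions); it should stay readable only by the account
# that runs splunkd.
( umask 077 && cat myServer.pem myServerPrivateKey.key myCertAuthCertificate.pem > myCertComb.pem )
chmod 600 myCertComb.pem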
add to system and splunk cert store
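# add cert to server and splunk
# Only the CA *certificate* is distributed, never myCertAuthPrivateKey.key.
# `sudo cat file >> target` does not write as root: the >> redirection is opened
# by the calling shell before sudo runs, so it fails on a root-owned target.
# tee -a runs under sudo and does the append itself.
# The target has to be the file that sslRootCAPath in server.conf names.
sudo tee -a "$SPLUNK_HOME/etc/auth/cacert.pem" < myCertAuthCertificate.pem > /dev/null
# Adding the CA to the OS trust store makes every TLS client on this host that
# uses the system store accept any certificate this CA signs, for any host name -
# one more reason to guard the CA key.
sudo cp myCertAuthCertificate.pem /usr/local/share/ca-certificates/myCertAuthCertificate.crt
sudo update-ca-certificates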
use for splunk sslconfig
# /opt/splunk/etc/system/local/server.conf
[sslConfig]
# serve the splunkd management interface over TLS
enableSplunkdSSL = true
# CA bundle splunkd uses to validate certificates; it has to be the same file the
# private CA certificate was appended to
sslRootCAPath = /opt/splunk/etc/auth/cacert.pem
# combined PEM: server certificate, server private key, CA certificate
serverCert = /opt/splunk/etc/auth/mycerts/myCertComb.pem
# passphrase of the private key inside serverCert
# NOTE(review): it is entered here in clear text; splunkd is expected to replace
# it with an encrypted value on restart - check the file afterwards, keep
# server.conf readable only by the Splunk account, and keep the clear-text value
# out of version control and backups
sslPassword = <my-password>
source
This post is licensed under CC BY 4.0 by the author.