
Splunk: Create self-signed certificate

To use the Splunk Edge Processor I need a certificate for the Splunk API communication. Edge Processor is really strict on this matter, so I need to create a self-signed certificate (here: a server certificate signed by my own internal CA) with the server name in a subjectAltName (SAN) entry.

create CA

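# Work in a dedicated directory so the relative file names below resolve.
mkdir -p "$SPLUNK_HOME/etc/auth/mycerts"
cd "$SPLUNK_HOME/etc/auth/mycerts"

# generate ca private key
# -aes-256-cbc stores the key encrypted; openssl prompts for the passphrase.
# NOTE(review): 2048-bit RSA is kept from the original; a larger key is a
# common choice for a CA that lives for several years.
/opt/splunk/bin/splunk cmd openssl genpkey -aes-256-cbc -algorithm RSA -out myCertAuthPrivateKey.key -pkeyopt rsa_keygen_bits:2048
# Whoever holds this key can issue certificates that every host trusting the
# CA will accept, so keep it readable by its owner only.
chmod 600 myCertAuthPrivateKey.key

# create ca.conf
vim ca.conf

# generate csr
/opt/splunk/bin/splunk cmd openssl req -new -key myCertAuthPrivateKey.key -out myCertAuthCertificate.csr -config ca.conf

# create cert (self-signed with the CA key, valid 1095 days)
# -extensions v3_ca names the section of ca.conf to apply. With -extfile alone
# "openssl x509" only reads the default section, so basicConstraints CA:TRUE and
# the keyUsage values would not end up in the certificate.
# -CAcreateserial is left out: it only has an effect together with -CA.
/opt/splunk/bin/splunk cmd openssl x509 -req -in myCertAuthCertificate.csr -sha512 -signkey myCertAuthPrivateKey.key -out myCertAuthCertificate.pem -days 1095 -extensions v3_ca -extfile ca.conf

# check that the result really is a CA certificate (look for "CA:TRUE")
/opt/splunk/bin/splunk cmd openssl x509 -in myCertAuthCertificate.pem -text -noout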
# ca.conf
# OpenSSL configuration for the internal CA: subject name plus the extensions
# that mark the certificate as a certificate authority.
[req]
distinguished_name = req_distinguished_name
# x509_extensions is only read by "openssl req -x509". The listing above builds
# the certificate with "openssl x509 -req -extfile ca.conf", so the section has
# to be selected there with "-extensions v3_ca".
x509_extensions = v3_ca
# take the subject from this file instead of asking interactively
prompt = no

[req_distinguished_name]
# placeholder values; C has to be a two-letter country code
C = country
O = myOrganisation
CN = Internal CA

[v3_ca]
# CA:TRUE is what allows this certificate to sign other certificates.
# NOTE(review): this CA only signs leaf certificates on this page; consider
# "critical,CA:TRUE,pathlen:0" so it cannot issue subordinate CAs.
basicConstraints = critical,CA:TRUE
# restrict the key to signing certificates and CRLs
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer

create Server Certificate

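# Work in the certificate directory: the CA files created earlier live here and
# all file names below are relative to it.
cd "$SPLUNK_HOME/etc/auth/mycerts"

# generate server private key
# This step is missing from the original listing although the key is used below.
# The passphrase entered here is presumably the value that goes into
# sslPassword in server.conf.
/opt/splunk/bin/splunk cmd openssl genpkey -aes-256-cbc -algorithm RSA -out myServerPrivateKey.key -pkeyopt rsa_keygen_bits:2048
chmod 600 myServerPrivateKey.key

# create config
vim myServer.conf

# generate csr with config
/opt/splunk/bin/splunk cmd openssl req -new -key myServerPrivateKey.key -out myServerCertificate.csr -config myServer.conf

# sign request
# -extensions v3_req -extfile myServer.conf copies the SAN and usage settings
# into the certificate; the extensions inside the CSR are not taken over by
# "openssl x509 -req" on their own. -sha256 pins the signature digest instead of
# relying on the default of the bundled openssl.
/opt/splunk/bin/splunk cmd openssl x509 -req -in myServerCertificate.csr -CA myCertAuthCertificate.pem -CAkey myCertAuthPrivateKey.key -CAcreateserial -out myServer.pem -days 1095 -sha256 -extensions v3_req -extfile myServer.conf

# verify
# In the text output, check that "X509v3 Subject Alternative Name" lists the
# server name and that basicConstraints says CA:FALSE.
/opt/splunk/bin/splunk cmd openssl x509 -in myServer.pem -text -noout
# Must print "myServer.pem: OK", i.e. the chain to the internal CA validates.
/opt/splunk/bin/splunk cmd openssl verify -CAfile myCertAuthCertificate.pem myServer.pem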
# myServer.conf
# OpenSSL configuration for the server certificate: subject name, usage
# restrictions and the subjectAltName entry that TLS clients match against.
[req]
distinguished_name = req_distinguished_name
# adds the [v3_req] section to the CSR; the signing command applies the same
# section again through "-extensions v3_req -extfile myServer.conf"
req_extensions = v3_req
# take the subject from this file instead of asking interactively
prompt = no

[req_distinguished_name]
# placeholder values; C has to be a two-letter country code
C = Country
O = My Organisation
# replace with the host name clients use to reach this server
CN = server.name

[v3_req]
# leaf certificate: must not be usable to sign other certificates
basicConstraints = CA:FALSE
# NOTE(review): nonRepudiation is not needed for TLS; digitalSignature and
# keyEncipherment are the usages a TLS endpoint relies on - consider dropping it.
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# the certificate may be presented both as a TLS server and as a TLS client
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names

[alt_names]
# Must match the name in the URL clients connect to; further names can be
# added as DNS.2, DNS.3, ... (or IP.1 for an address).
DNS.1 = server.name

combine to certificate bundle

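# combine
# Order: server certificate, its private key, then the CA certificate.
# The bundle contains the private key, so it is created under umask 077 and
# pinned to mode 600 in case the file already existed. It has to stay readable
# by the account that runs splunkd.
( umask 077; cat myServer.pem myServerPrivateKey.key myCertAuthCertificate.pem > myCertComb.pem )
chmod 600 myCertComb.pem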

add to system and splunk cert store

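# add cert to server and splunk
# Only the CA *certificate* is distributed here; the CA private key never
# leaves the directory it was created in.

# Append the CA certificate to Splunk's CA bundle. "sudo cat file >> target"
# does not work for a root-owned target because the redirection is done by the
# calling shell, not by sudo; tee -a performs the write with root privileges.
# The path matches sslRootCAPath in server.conf - adjust it if Splunk is
# installed somewhere else.
sudo tee -a /opt/splunk/etc/auth/cacert.pem < myCertAuthCertificate.pem > /dev/null

# Add the CA to the operating system trust store. After this, every TLS client
# on the host that uses the system store accepts certificates issued by this
# CA, which is why the CA key has to stay protected.
sudo cp myCertAuthCertificate.pem /usr/local/share/ca-certificates/myCertAuthCertificate.crt
sudo update-ca-certificates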

use for splunk sslconfig

# /opt/splunk/etc/system/local/server.conf
# TLS settings for splunkd (management/API port).
[sslConfig]
enableSplunkdSSL = true
# CA bundle that the internal CA certificate was appended to
sslRootCAPath = /opt/splunk/etc/auth/cacert.pem
# combined PEM: server certificate, private key, CA certificate
serverCert = /opt/splunk/etc/auth/mycerts/myCertComb.pem
# Presumably the passphrase of the private key inside serverCert.
# NOTE(review): splunkd is expected to replace the clear-text value with an
# encrypted one on restart - confirm that afterwards, and keep this file
# readable by the Splunk account only.
sslPassword = <my-password>

source

This post is licensed under CC BY 4.0 by the author.