Splunk HTTPS
create HTTPS connection for Splunk via Apache
edit /opt/splunk/etc/system/local/server.conf
[sslConfig]
sslRootCAPath = /etc/pki/tls/certs/ca-bundle.crt
cipherSuite = ECDHE:!SSLv3:!aNULL:!eNULL:!EXPORT:!DES:!DSS:!RC4:!3DES:!MD5:!PSK
ecdhCurves = secp521r1, secp384r1, prime256v1
sslVersions = tls1.2
sslVersionsForClient = tls1.2
caPath = /etc/pki/tls/private/
sslKeysfile = splunkserver.corp.local.chain.pem
sslKeysfilePassword = $1$0KA2jqjSRTsu
requireClientCert = false
sslVerifyServerCert = false
sslPassword = $1$X2bR+zIs4Rp3
edit /opt/splunk/etc/system/local/web.conf
[settings]
enableSplunkWebSSL = true
httpport = 443
privKeyPath = /etc/pki/tls/private/splunkserver.corp.local.pem
caCertPath = /etc/pki/tls/certs/splunkserver.corp.local.chain.pem
sslVersions = tls1.2
cipherSuite = ECDHE:!SSLv3:!aNULL:!eNULL:!EXPORT:!DES:!DSS:!RC4:!3DES:!MD5:!PSK
ecdhCurves = secp521r1, secp384r1, prime256v1
enableWebDebug = true
in Apache, create /etc/httpd/conf.d/splunk.conf
Listen 8000
RewriteEngine On
<VirtualHost *:80>
Redirect / https://splunkserver.corp.local
</VirtualHost>
restart splunk, httpd