Splunk HTTPS

create HTTPS connection for Splunk via Apache

edit /opt/splunk/etc/system/local/server.conf

[sslConfig]

sslRootCAPath = /etc/pki/tls/certs/ca-bundle.crt

cipherSuite = ECDHE:!SSLv3:!aNULL:!eNULL:!EXPORT:!DES:!DSS:!RC4:!3DES:!MD5:!PSK

ecdhCurves = secp521r1, secp384r1, prime256v1

sslVersions = tls1.2

sslVersionsForClient = tls1.2

caPath = /etc/pki/tls/private/

sslKeysfile = splunkserver.corp.local.chain.pem

sslKeysfilePassword = $1$0KA2jqjSRTsu

requireClientCert = false

sslVerifyServerCert = false

sslPassword = $1$X2bR+zIs4Rp3

edit /opt/splunk/etc/system/local/web.conf

[settings]

enableSplunkWebSSL = true

httpport = 443

privKeyPath = /etc/pki/tls/private/splunkserver.corp.local.pem

caCertPath = /etc/pki/tls/certs/splunkserver.corp.local.chain.pem

sslVersions = tls1.2

cipherSuite = ECDHE:!SSLv3:!aNULL:!eNULL:!EXPORT:!DES:!DSS:!RC4:!3DES:!MD5:!PSK

ecdhCurves = secp521r1, secp384r1, prime256v1

enableWebDebug = true

in Apache, create /etc/httpd/conf.d/splunk.conf

Listen 8000

RewriteEngine On

<VirtualHost *:80>

Redirect / https://splunkserver.corp.local

</VirtualHost>

restart splunk, httpd