The availability of Let’s Encrypt across most modern browsers’ trusted stores is pretty awesome. Combine that with an easy-to-use interface for generating/renewing certificates and you’ve got a winning platform.
Today we’ll look into generating a certificate with Let’s Encrypt to secure a Splunk Enterprise installation. This howto assumes a couple of things:
- Splunk is installed under /opt/splunk
- Let’s Encrypt binaries are under /opt/letsencrypt
Let’s get started! First, make a backup of the current certs under /opt/splunk/etc/auth/splunkweb (privkey.pem and cert.pem). To generate the new certificate, we’ll use the standalone temporary webroot feature from Let’s Encrypt, which will listen on port 80 for incoming connections to validate the domain/host. Make sure that port is open. Run ‘letsencrypt-auto certonly’ from the Let’s Encrypt folder, then select the temporary webserver option. Your new certs should be generated under the /etc/letsencrypt/live folder.
Next up, we’ll simply link the generated certs into the Splunk folders. Assuming the default folders, do this:
- cd /opt/splunk/etc/auth/splunkweb
- ln -s /etc/letsencrypt/live/(YOUR HOST)/privkey.pem ./privkey.pem
- ln -s /etc/letsencrypt/live/(YOUR HOST)/fullchain.pem ./cert.pem
After that, log into the Splunk interface on port 8000 (default) and go to the Administration section, then enable SSL for the Splunk Web component. After a server restart, it should start serving SSL content over port 8000.
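The backup and linking steps above as one script (an added example, not part of the original post; the function name link_splunk_certs and the LE_HOST variable are hypothetical). It moves the existing files aside first, because a plain ln -s fails when privkey.pem or cert.pem is still in place.

```shell
#!/bin/sh
# Added example: back up Splunk Web's current key/cert, then link the
# Let's Encrypt files. Paths are the defaults this howto assumes.

# link_splunk_certs LIVE_DIR SPLUNKWEB_DIR
# Returns non-zero without changing anything if a Let's Encrypt file is missing.
link_splunk_certs() {
    _live=$1
    _web=$2
    _stamp=$(date +%Y%m%d%H%M%S)

    # Check both source files before touching the Splunk folder.
    for _name in privkey.pem fullchain.pem; do
        if [ ! -r "$_live/$_name" ]; then
            echo "missing or unreadable: $_live/$_name" >&2
            return 1
        fi
    done

    # Each pair is "Splunk file name:Let's Encrypt file name".
    for _pair in privkey.pem:privkey.pem cert.pem:fullchain.pem; do
        _dst=$_web/${_pair%%:*}
        _src=$_live/${_pair##*:}
        # Keep the old file (or an old, possibly dangling, link) as a
        # timestamped backup instead of overwriting it.
        if [ -e "$_dst" ] || [ -L "$_dst" ]; then
            mv "$_dst" "$_dst.bak.$_stamp" || return 1
        fi
        ln -s "$_src" "$_dst" || return 1
    done
}

# LE_HOST (hypothetical variable) is the host name the certificate was
# issued for, e.g.: LE_HOST=splunk.example.com sh link-certs.sh
if [ -n "${LE_HOST:-}" ]; then
    link_splunk_certs "/etc/letsencrypt/live/$LE_HOST" \
        /opt/splunk/etc/auth/splunkweb
fi
```

The private key itself stays under /etc/letsencrypt, so the account Splunk runs as needs read access to the link targets.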
Leave a comment if you had any issues or suggestions!
Tags: letsencrypt, splunk, SSL