On-Premises Insights (IOP 3.X) - SSL

The default installation does not include SSL.

However, implementing SSL is relatively simple and recommended.

Please follow the following steps:

Secure the Web with your own certificate

This example assumes that you have already generated self-signed certificates or purchased third-party certificates. If you have not done this and are unsure how to proceed, we've provided some simple examples:

Note: IOP currently does not support password-protected private keys. You should remove the password from your key before configuring IOP for the certificate.

Before you begin: Copy your certificates to a new folder

Copy the server certificate to $IOP_HOME/etc/auth/splunkweb or to your own certificate repository in $IOP_HOME/etc/auth.

In the following example our web certificate is called myIOPCertificate.pem and our private key is called myIOPPrivateKey.key:


# cp $IOP_HOME/etc/auth/mycerts/myIOPCertificate.pem $IOP_HOME/etc/auth/mycerts/myIOPPrivateKey.key $IOP_HOME/etc/auth/splunkweb


copy $IOP_HOME\etc\auth\mycerts\myIOPCertificate.pem $IOP_HOME\etc\auth\splunkweb\

copy $IOP_HOME\etc\auth\mycerts\myIOPPrivateKey.key $IOP_HOME\etc\auth\splunkweb\

Note: Do not overwrite or delete the existing certificates located in $IOP_HOME/etc/auth/splunkweb/. The certificates at this location are automatically generated upon startup, meaning that any changes you make will be overwritten at startup. Instead, in the next steps, we will rewrite the relevant configuration file to point to your new certificate location.

Configure IOP to use the key and certificate files

Note: IOP does not support passwords for private keys, so you must remove the password from the key before using the key to secure Web.

1. In $IOP_HOME/etc/system/local/web.conf (or any other applicable location, if you are using a deployment server), make the following changes to the [settings]stanza. The file
paths can be set either using relative or absolute paths. Both of the following examples are
equivalent if $IOP_HOME is set to d:/myroot/home.

The following is an example of an edited settings stanza using a path relative to

# Example of using path relative to $IOP_HOME
enableSplunkWebSSL = true
privKeyPath = etc/auth/mycerts/mySplunkWebPrivateKey.key
serverCert = etc/auth/mycerts/mySplunkWebCertificate.pem

The following is an example of an edited settings stanza using a path relative to

# Example of using absolute path
enableSplunkWebSSL = true
privKeyPath = d:/myroot/home/etc/auth/mycerts/mySplunkWebPrivateKey.key
serverCert = d:/myroot/home/etc/auth/mycerts/mySplunkWebCertificate.pem

2. Restart The service: # $IOP_HOME/bin/splunk restart splunk service

3. To change the Console URL to open as https (instead of http) please go to the On-Prem server > Open the regedit.exe

Change the UseSSL to 1 under the HKEY_LOCAL_MACHINE\SOFTWARE\Smart-X\ControlUpServer\IOP


If you encounter any issue or question, please let us know at support@controlup.com

1-on-1 Demo
Schedule now
Price Quote
Get it now
Need a Script?
Get it here
Powered by Zendesk