On-Premises Insights (IOP) - SSL

The default installation does not include SSL.

However, implementing SSL is relatively simple and recommended.

Please follow the following steps:

Secure Web with your own certificate

This example assumes that you have already generated self-signed certificates or purchased third-party certificates. If you have not done this and are unsure how to proceed, we've provided some simple examples:

Note: IOP does not currently support password-protected private keys. You should remove the password from your key before configuring IOP for the certificate.

Before you begin: Copy your certificates to a new folder

Copy the server certificate to $IOP_HOME/etc/auth/splunkweb or to your own certificate repository in $IOP_HOME/etc/auth.

In the following example our web certificate is called myIOPCertificate.pem and our private key is called myIOPPrivateKey.key:

*nix:

# cp $IOP_HOME/etc/auth/mycerts/myIOPCertificate.pem $IOP_HOME/etc/auth/mycerts/myIOPPrivateKey.key $IOP_HOME/etc/auth/splunkweb

Windows:

copy $IOP_HOME\etc\auth\mycerts\myIOPCertificate.pem $IOP_HOME\etc\auth\splunkweb\

copy $IOP_HOME\etc\auth\mycerts\myIOPPrivateKey.key $IOP_HOME\etc\auth\splunkweb\

Note: Do not overwrite or delete the existing certificates located in $IOP_HOME/etc/auth/splunkweb/. The certificates at this location are automatically generated upon startup, meaning that any changes you make will be overwritten at startup. Instead, in the next steps, we will rewrite the relevant configuration file to point to your new certificate location.

Configure IOP to use the key and certificate files

Note: IOP does not support passwords for private keys, so you must remove the password from the key before using the key to secure Web.

1. In $IOP_HOME/etc/system/local/web.conf (or any other applicable location, if you are using a deployment server), make the following changes to the [settings]stanza:

The following is an example of an edited settings stanza:

[settings]
enableSplunkWebSSL = true
privKeyPath = </home/user/certs/myprivatekey.key> Absolute paths may be used. non-absolute paths are relative to $IOP_HOME
caCertPath = </home/user/certs/mycacert.pem. Absolute paths may be used. non-absolute paths are relative to $IOP_HOME

2. Restart The service:

# $IOP_HOME/bin/splunk restart splunk service

 

If you encounter any issue or question, please let us know at support@controlup.com

Powered by Zendesk