One important requirement is that the publicly accessible domain has an A record associated with the host you are creating a cert for. Additionally, the @ record must route to a publicly accessible server.
Example DNS Settings for AnthonyTellez.com:
Thanks to the EFF, there is an easy way to automate the cert process using Certbot.
You can find the exact instructions for getting it installed on your flavor of Linux here: https://certbot.eff.org/
From the drop-down, select “none of the above” and the operating system you are using.
For this example, we are going to be using Ubuntu 16.04 (Xenial).
Install Certbot on the Splunk server you wish to secure with SSL using:
sudo apt-get install letsencrypt
Once installed, use the following command line options for certbot, substituting your domain & subdomain.
$ letsencrypt certonly --standalone -d splunk-es.anthonytellez.com
At the prompt, fill out your information for key recovery and agree to the TOS.
On successful completion, you should see the following message:
Take note of the expiration date; you can renew whenever you need to.
Take a quick peek in /etc/letsencrypt/live/
root@splunk-es:~# cd /etc/letsencrypt/live/anthonytellez.com/
root@splunk-es:/etc/letsencrypt/live/anthonytellez.com# ls
cert.pem chain.pem fullchain.pem privkey.pem
You will see four .pem files. Only two are needed for Splunk web SSL (fullchain.pem & privkey.pem), so those are the only ones you need to copy. The quickest way to get Splunk configured, and to remember where the files are, is to create a directory in /opt/splunk/etc/auth/. In my case, I created a directory using the domain name to keep things simple and memorable.
mkdir /opt/splunk/etc/auth/anthonytellez
cp fullchain.pem privkey.pem /opt/splunk/etc/auth/anthonytellez/
chown -R splunk:splunk /opt/splunk/
Configure Splunk web to make use of the certs in $SPLUNK_HOME/etc/system/local/web.conf:
[settings]
enableSplunkWebSSL = 1
privKeyPath = etc/auth/anthonytellez/privkey.pem
caCertPath = /opt/splunk/etc/auth/anthonytellez/fullchain.pem
Restart Splunk using: ./splunk restart and direct your browser to the https version of Splunk web.
In our example the URL would be: https://splunk-es.anthonytellez.com:8000
If you need additional examples, take a peek at docs.splunk.com: Configure Splunk Web to use the key and certificate files.
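Because Splunk reads the copies under etc/auth rather than the files in /etc/letsencrypt/live/, the copy step has to be repeated after every renewal. The function below is an added example, not part of the original post: it re-installs the two files only when they have changed, refuses a key that does not match the certificate, and keeps the private key at mode 600. The function name, return codes and the SKIP_OPENSSL switch are assumptions of this example.

```shell
# Added example, not from the original post.
# deploy_splunk_cert LIVE_DIR DEST_DIR [OWNER]
# Prints "updated" or "unchanged"; a non-zero return means nothing was installed.
# Function name, return codes and SKIP_OPENSSL are assumptions of this example.
deploy_splunk_cert() {
    local live="$1" dest="$2" owner="${3:-}" f cert_pub key_pub
    for f in fullchain.pem privkey.pem; do
        [ -s "$live/$f" ] || { echo "missing or empty: $live/$f" >&2; return 2; }
    done
    grep -q -e '-----BEGIN CERTIFICATE-----' "$live/fullchain.pem" ||
        { echo "fullchain.pem is not a PEM certificate" >&2; return 2; }
    grep -q -e 'PRIVATE KEY-----' "$live/privkey.pem" ||
        { echo "privkey.pem is not a PEM private key" >&2; return 2; }

    # Refuse to install a key that does not match the leaf certificate.
    # SKIP_OPENSSL=1 bypasses this, for dry runs with placeholder files only.
    if [ -z "${SKIP_OPENSSL:-}" ]; then
        cert_pub=$(openssl x509 -in "$live/fullchain.pem" -noout -pubkey) || return 3
        key_pub=$(openssl pkey -in "$live/privkey.pem" -pubout) || return 3
        [ "$cert_pub" = "$key_pub" ] || { echo "key/cert mismatch" >&2; return 3; }
    fi

    # Splunk reads its own copies, so only act when they differ from live/.
    if cmp -s "$live/fullchain.pem" "$dest/fullchain.pem" 2>/dev/null &&
       cmp -s "$live/privkey.pem" "$dest/privkey.pem" 2>/dev/null; then
        echo unchanged
        return 0
    fi

    mkdir -p "$dest" || return 4
    chmod 700 "$dest" || return 4
    # install follows the symlinks under live/ and applies the mode itself,
    # so the key is not left readable by other local users.
    install -m 600 "$live/privkey.pem" "$dest/privkey.pem" || return 4
    install -m 644 "$live/fullchain.pem" "$dest/fullchain.pem" || return 4
    if [ -n "$owner" ]; then
        chown -R "$owner" "$dest" || return 4   # scoped to the cert directory
    fi
    echo updated
}

# Usage with the article's paths, run as root after each renewal:
#   out=$(deploy_splunk_cert /etc/letsencrypt/live/anthonytellez.com \
#       /opt/splunk/etc/auth/anthonytellez splunk:splunk) &&
#       [ "$out" = updated ] && /opt/splunk/bin/splunk restart
```

Splunk only needs a restart when the function prints "updated", which is why the usage line checks the output before restarting.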