Installing a Wildcard SSL/TLS Certificate on a Splunk Web (Running in a Docker Container)

Posted

Updated

ByCraig Bourne

The Environment

You will need the following:

Administrator access to your Synology NAS. I’m using a Synology DS918+ running DSM 6.2.4-25556.
Your Private Key from your Public/Private Key Pair. It should have the file extension of .key and when opened in a text editor, should look like the following:

-----BEGIN PRIVATE KEY----- 
<base 64 encoded private key> 
-----END PRIVATE KEY-----

Your Full Certificate Chain file. This is the full chain of certificates, starting with your certificate, then any certificate authorities in the order described below:

Each of these files are in PEM format, which is just a Base64 encoded binary file so that they can be read as text files. Decoding these files will result in mainly non-printable characters. For more info have a read about Privacy-Enhanced Mail.

Map the following volumes to a local share so that they will be persistence across container rebuilds:

Highlighted in red is what is required for this, however I suggest mounting all of these as you will want to all these configuration files to be persistent. The indexes folder is also mapped so that the log data is persistent.
Place the Private Key and the Full Chain certificate file in the ‘mycerts’ directory.
Edit the ‘web.conf’ file as per the docs.
[settings] enableSplunkWebSSL = true privKeyPath = Absolute paths may be used. Non-absolute paths are relative to $SPLUNK_HOME. serverCert = Absolute paths may be used. Non-absolute paths are relative to $SPLUNK_HOME.
Restart Splunk.
Load the Splunk web interface and check.

Tags: