Generating the Domain name and TLS Certs/key

A series of 4 blogs about Encrypting data in motion between Splunk and Cribl

InfoSecNinja
4 min read · Sep 15, 2023

This is the second part of a blog series about encrypting data in transit between Splunk and Cribl. If you want to learn more about the fundamentals, please read part 1.

Let’s get started right away with the prerequisites:

  1. An instance of the application (in our case, Splunk Enterprise) running and published over the internet (as in our case) or otherwise within the enterprise.

At a high level, this is what we are trying to do:

  1. Ensuring that the application is running and web UI is accessible online.
  2. Creating a free DNS address, linking its host A record with our public IP.
  3. Generating a free public CA certificate for the domain name we acquired in step 2.
  4. Validating that acquired certs and keys are created correctly.

Below are the low-level procedural steps.

Step 1 — Accessing Splunk Enterprise Application Web UI

We have a Splunk all-in-one instance running on AWS with the Elastic IP (static IP) 54.157.74.30. The DNS address for this is ec2-54-157-74-30.compute-1.amazonaws.com.

We open the application using the IP and the AWS native DNS address, and in both cases the web UI displays correctly.

Image 1 — Public IP as available on AWS instance
Image 2 — Accessing Splunk UI using the Public IP
Image 3 — Accessing Splunk UI using the DNS address
Image 4 — Validation — DNS validation is updated and recognizable online

Step 2 — Domain Name Creation

Now, we create a random domain name, banyantree.work.gd, associate our IP with that DNS name, and confirm that our application web UI opens with it.


Step 3 — Certification Generation

Now, we get the certificates issued for the domain name banyantree.work.gd.


From the dashboard, we can get the following files:

  1. the SSL cert,
  2. the private key (don't trust this mechanism much for sensitive data transfer; it is good for testing purposes only),
  3. the intermediate/root CA certs, and
  4. the domain CSR, which can be put into a CSR decoder to verify the details.


Step 4 — Validation of generated certs and keys

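One way to run the Step 4 checks with the openssl CLI, as an added example that is not part of the original post: it confirms that the private key matches the certificate, that the certificate chains to the CA bundle, that it names banyantree.work.gd, and that it is not about to expire. The function names, the file names (server.pem, server.key, ca.pem) and the throwaway test CA are assumptions constructed so the script runs offline; point validate_bundle at the files downloaded from the dashboard instead.

```shell
#!/bin/sh
# Added example (not from the original post). Function and file names are assumed.

# 1. The private key belongs to the certificate: both must yield the same public key.
key_matches_cert() {   # $1 cert, $2 private key
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}
# 2. The certificate chains to the intermediate/root CA bundle.
chain_verifies() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }   # $1 CA, $2 cert
# 3. The certificate names the host we will serve.
cert_covers_host() {   # $1 cert, $2 host name
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}
# 4. The certificate is still valid $2 seconds from now.
cert_valid_for() { openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1; }

validate_bundle() {   # $1 cert, $2 key, $3 CA bundle, $4 host name
  key_matches_cert "$1" "$2" || { echo "FAIL: key does not match cert"; return 1; }
  chain_verifies "$3" "$1"   || { echo "FAIL: cert does not chain to CA"; return 1; }
  cert_covers_host "$1" "$4" || { echo "FAIL: cert does not name $4"; return 1; }
  cert_valid_for "$1" 86400  || { echo "FAIL: cert expires within 24 hours"; return 1; }
  echo "OK: cert, key and CA are consistent for $4"
}

# Constructed demo material: a throwaway CA and a 2-day cert for host $2, written to dir $1.
make_demo_files() {
  printf 'basicConstraints=critical,CA:TRUE\n' > "$1/ca.ext"
  printf 'subjectAltName=DNS:%s\n' "$2" > "$1/leaf.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj '/CN=Constructed Test CA' \
    -keyout "$1/ca.key" -out "$1/ca.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/ca.csr" -signkey "$1/ca.key" -extfile "$1/ca.ext" \
    -days 2 -out "$1/ca.pem" >/dev/null 2>&1 &&
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -extfile "$1/leaf.ext" -days 2 -out "$1/server.pem" >/dev/null 2>&1
}

demo=$(mktemp -d) && make_demo_files "$demo" banyantree.work.gd &&
  validate_bundle "$demo/server.pem" "$demo/server.key" "$demo/ca.pem" banyantree.work.gd
```

If the downloaded CA file holds only an intermediate, the chain check relies on the root being in the system trust store.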

Result
Now, we have the server cert, key, and intermediate/root CA cert.

These can be used on the Splunk host to encrypt data in motion or the web UI. This will be covered in the next part of this blog series.

Your comments and suggestions are welcome.
