&*%$# Splunk’ing HTTPs

If it wasn’t for Google deprecating HTTP on browsers, we would probably still be accessing the majority of our Web sites with HTTP. In case you don’t know, HTTP on its own does not have any security on the transmitted data. But that is only part of it, as you also cannot tell if you are connecting to a trusted web site. So, there are no excuses: companies need to get a certificate on the site, and migrate towards HTTPs as a default. Setting up HTTPs was fine for my main Web site, but my Splunk training environment just didn’t want to boot into HTTPs. As we have a new MOOC coming up in Cyber&Data, I had to get HTTPs installed for Splunk, as it doesn’t look good to have a site which trains people about security and can’t even prove its identity.

Splunking HTTPs

You know when you get stuck on something, and it just won’t work? Well, I got stuck with installing a simple certificate on Splunk. So, just in case I get it again, or if someone else struggles with it, here is my solution. The first thing I must say is that there are many tutorials which show the setup of a self-signed certificate in Splunk. Please just avoid this, as it has no real credibility these days, and many browsers will mark it as a risk, as the server is not identifying itself properly. What we need is a private key and a certificate which is signed by a trusted entity.
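
The requirement above (a private key plus a certificate signed by a trusted entity, rather than a self-signed one) can be checked before the files are handed to the server. This is an added example, not part of the original post; the function names, the file names and the use of the openssl command line are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks on a PEM key/certificate pair before a
# server is configured to use them. Function and file names are assumptions.

# Exit 0 when issuer and subject are the same name (a self-issued
# certificate, which is what the self-signed tutorials produce).
cert_is_self_signed() {   # usage: cert_is_self_signed CERT.pem
    subj=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 2
    iss=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 2
    [ "$subj" = "$iss" ]
}

# Exit 0 when the private key's public half is the key in the certificate.
key_matches_cert() {      # usage: key_matches_cert KEY.pem CERT.pem
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Exit 0 when the certificate chains to a CA in the given PEM bundle
# (the bundle holds the issuing CA and any intermediates).
chains_to_ca() {          # usage: chains_to_ca CERT.pem CA_BUNDLE.pem
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Run all three checks; print findings and return 0 only if all pass.
preflight() {             # usage: preflight KEY.pem CERT.pem CA_BUNDLE.pem
    rc=0
    if cert_is_self_signed "$2"; then
        echo "FAIL: $2 is self-signed (issuer equals subject)"; rc=1
    fi
    if ! key_matches_cert "$1" "$2"; then
        echo "FAIL: $1 is not the private key for $2"; rc=1
    fi
    if ! chains_to_ca "$2" "$3"; then
        echo "FAIL: $2 does not chain to a CA in $3"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $2 is CA-issued and matches $1"; fi
    return "$rc"
}
```

Source the file and run `preflight server.key server.pem ca-bundle.pem` with your own files; an unreadable file is reported as a failed check rather than a pass.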

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice