splunk createssl
-
Creates Secure Sockets Layer (SSL) certificates for secure connections to Splunk Web and between instances of Splunk. Syntax: ./splunk createssl [[audit-keys] [-d <destination_dir>] [-p <privatekey_path>] [-k <publickey_path>] [-l <bit_length>]] [[server-cert [-d <rootca_dir>] [-n <certificate_name>] [-c <cert_CommonName>] [-l <RSA_keylength>] [-p]] [[web-cert [-n <cert_CommonName>] [-l <RSA_keylength>]] You must supply one of the following arguments and its associated flags for the command to be valid: audit-keys server-cert web-cert Supported flags and arguments: audit-keys: Generates a public and private authentication key. Supported flags: -d <destination_directory> # defaults to etc/auth/audit -p <path to write the private key> # defaults to <dest_dir>/private.pem -k <path to write the public key> # defaults to <dest-dir>/public.pem -l <key length in bits> # defaults to 1024 Note: To specify the -d flag, you must also set the -p and -k flags to include the same flags. Otherwise, Splunk will place the public and private key files in the default directory. server-cert: Generates root CA and other server certificates. Supported flags: -d: Directory where root CA and other certs are stored. (required) -n: The name of the cert. (required) -c: The CommonName for the cert. This should match the DNS name. If DNS is not available then the IP will suffice. -l: Length of the RSA key to generate (default 1024). -p: Prompt for optional arguments (shown below). Note: The -d flag points to the location where input CAs are located, and also create the server cert. You cannot select an empty directory. Optional arguments are: - key password/passphrase - company info (name, locaiton, org unit) - key owner info (name, email) web-cert: Generates an SSL certificate for Splunk Web. Supported flags: -n: The CommonName of the cert. This shuld match the DNS name. If DNS is not available then the IP will suffice. -l: Length of the RSA key to generate (default 1024).
© Lightnetics 2024