I want to configure a certificate for Splunk so that I could make API requests to it on port 8089. Currently the following command fails because Splunk's default certificate is used, and the default certificate doesn't work for the hostname my.splunk.server:
curl -s -u admin:password https://my.splunk.server:8089/services/search/jobs \
-d search='search some search term'
How can I configure the certificate?
Take a look at this documentation page. The file you need to modify is /opt/splunk/etc/system/local/server.conf. That file is responsible for managing the SSL for port 8089.
Specifically, you need to edit the sslConfig section of the file. Here's an example configuration which works:
[sslConfig]
sslPassword = <ssl password here>
enableSplunkdSSL = true
serverCert = /path/to/your/certificate.pem
Note that the sslPassword line already existed, and I did not need to create one myself.
certificate.pem should contain both your public and private keys.
As a sidenote, if you wish to configure SSL for Splunk's port 8000, then the file you need to change is web.conf. The documentation specifies how that can be configured as well.