Learning about wazuh

How to Secure Your Wazuh Open Source SIEM

/ Uncategorized / By

How to Secure Your Wazuh Dashboard with SSL (HTTPS) – Step-by-Step Guide [2025]

Wazuh is one of the best open-source SIEM solutions available—but if you’re not using SSL/HTTPS, you’re leaving your dashboard wide open to risks. In this guide, we’ll show you exactly how to enable SSL on your Wazuh dashboard using the built-in self-signed certificate, whether you’re running Wazuh locally or in the cloud.

 Perfect for:

  • Beginners setting up Wazuh on Ubuntu

  • Cybersecurity students and professionals

  • MSSPs building a secure client monitoring stack

  • Anyone using domains like login.securetus.com behind Cloudflare


Why SSL Matters for Wazuh

By default, Wazuh uses a self-signed certificate to enable HTTPS access, but if not configured properly or accessed through the right domain, you’ll run into annoying browser warnings—or worse, expose login traffic over insecure HTTP.

SSL (Secure Sockets Layer) ensures:

  • Encrypted communication between browser and server

  • Defense against MITM (man-in-the-middle) attacks

  • Improved trust and security for multi-client MSSP setups

 What You’ll Need Before You Start

  • A running Wazuh all-in-one server (Ubuntu 24.04 recommended)

  • A domain name (e.g., login.securetus.com)

  • DNS management access (Bluehost, Cloudflare, etc.)

  • Port 443 open in your server’s firewall

  • Optional: Cloudflare Free Plan for secure proxy and HTTPS

Step 1: Point Your Domain to the Wazuh Server

Log into your DNS provider (Bluehost, GoDaddy, etc.) and set an A Record like this:

  • Type: A

  • Name: login.securetus.com

  • Points to: your Wazuh server’s public IP (e.g., 48.217.84.15)

  • TTL: 1 or 4 hours is fine

Wait for propagation (usually 15–30 mins).

 Step 2: Access Wazuh via HTTPS

Wazuh already enables HTTPS by default with a self-signed certificate. Once DNS has propagated, try visiting:

 
https://yourdomain.com

 You might see a warning like “Your connection is not private.” This is expected with self-signed SSL. Click Advanced > Proceed to continue.

 Step 3: (Optional) Secure with Cloudflare

To clean up SSL errors and protect your Wazuh dashboard with a proxy firewall, use Cloudflare:

  1. Add your domain to Cloudflare

  2. Enable Flexible SSL or Full (Strict) mode

  3. Proxy traffic to your IP (Orange cloud = ON)

Now your users get a green HTTPS lock even with a self-signed backend!

Bonus: Lock Down Access

Consider limiting access to your dashboard by:

  • Whitelisting IPs using Cloudflare rules or UFW on Ubuntu

  • Changing default login credentials

  • Setting up 2FA for dashboard users (coming in advanced guide)

 Final Test

Visit your Wazuh dashboard:

https://yourdomain.com

 You should see your login screen over HTTPS, protected with SSL, even if it’s self-signed. Mission accomplished!

Wrapping Up

You’ve now secured your Wazuh dashboard with HTTPS! Whether you’re running an MSSP like Securetus or just tinkering at home, this basic SSL setup gives you safer access to your security data.

 

Tags:

#Wazuh #SIEM #SSL #HTTPS #Ubuntu #Cloudflare #Cybersecurity #Securetus #LinuxSecurity #WazuhTutorial