topic Re: Which default certificate should I use to certify my HTTP Event Collector in Security

Which default certificate should I use to certify my HTTP Event Collector

llovell — Thu, 01 Aug 2019 17:56:01 GMT

I am running some C# code that sends a POST request to my Splunk HTTP Event Collector at the following URL - https://localhost:8088/services/collector/raw to submit a log

I am getting the following error: Peer certificate cannot be authenticated with given CA certificates ( If I make the request in Postman my logs are submitted no problem )

I am thinking that I need to load my Splunk servers default certificate onto the machine I am making the request from. If this is correct I need to know which of the default certificates ( this is just for testing purposes ) I should be loading that would be specific to my HEC. And also if the correct certificates I'm looking for are located here C:\Program Files\Splunk\etc\auth

Re: Which default certificate should I use to certify my HTTP Event Collector

jkat54 — Thu, 01 Aug 2019 19:44:20 GMT

ca.pem is the splunk ca
server.pem is what will run by default on 8089

I believe it is also used for HEC by default.

Hope that helps!

You can check which cert is in use with openssl

 openssl s_client -connect yourhost:hecport

Openssl can be found in splunkhome/bin

Re: Which default certificate should I use to certify my HTTP Event Collector

llovell — Thu, 01 Aug 2019 20:38:25 GMT

Thank you for your answer. I verified that server.pem is in use using openssl. That should be what I need, thanks again

Re: Which default certificate should I use to certify my HTTP Event Collector

jkat54 — Thu, 01 Aug 2019 21:15:33 GMT

Cheers! It was my pleasure!