https://community.splunk.com/t5/Security/What-is-the-most-simple-way-to-enable-SSL-communication-between/m-p/47948#M1584 <P>you got it. </P> <P>Using the built-in certs on our UF's and indexers. We've managed to get SSL working for splunkTOsplunk communication using the following in/outputs.conf</P> <P>Indexer: $splunk_home/etc/system/local/inputs.conf</P> <PRE><CODE>[default] host = indexerA1.chubbybunny.com [splunktcp-ssl:9997] compressed = true [SSL] password = password requireClientCert = false rootCA = $SPLUNK_HOME/etc/auth/ca.pem serverCert = $SPLUNK_HOME/etc/auth/server.pem </CODE></PRE> <P>Forwarder: $splunk_home/etc/system/local/outputs.conf</P> <PRE><CODE>[tcpout] defaultGroup = splunkssl [tcpout:splunkssl] compressed = true server = indexerA1.chubbybunny.com:9997 sslCertPath = $SPLUNK_HOME/etc/auth/server.pem sslPassword = password sslRootCAPath = $SPLUNK_HOME/etc/auth/ca.pem sslVerifyServerCert = false </CODE></PRE> <P>*while this simply secures the communication channel between the two, using the default certs comes with a risk. <BR /> Also - the default password for both (server.pem &amp; ca.pem) is: password </P> Wed, 28 Nov 2012 19:38:36 GMT Chubbybunny 2012-11-28T19:38:36Z https://community.splunk.com/t5/Security/What-is-the-most-simple-way-to-enable-SSL-communication-between/m-p/47947#M1583 <P>Does anyone know where I can find a working configuration that shows splunk2splunk using ssl? I would really appreciate a working example</P> Wed, 28 Nov 2012 19:26:35 GMT https://community.splunk.com/t5/Security/What-is-the-most-simple-way-to-enable-SSL-communication-between/m-p/47947#M1583 jbsplunk 2012-11-28T19:26:35Z https://community.splunk.com/t5/Security/What-is-the-most-simple-way-to-enable-SSL-communication-between/m-p/47948#M1584 <P>you got it. </P> <P>Using the built-in certs on our UF's and indexers. We've managed to get SSL working for splunkTOsplunk communication using the following in/outputs.conf</P> <P>Indexer: $splunk_home/etc/system/local/inputs.conf</P> <PRE><CODE>[default] host = indexerA1.chubbybunny.com [splunktcp-ssl:9997] compressed = true [SSL] password = password requireClientCert = false rootCA = $SPLUNK_HOME/etc/auth/ca.pem serverCert = $SPLUNK_HOME/etc/auth/server.pem </CODE></PRE> <P>Forwarder: $splunk_home/etc/system/local/outputs.conf</P> <PRE><CODE>[tcpout] defaultGroup = splunkssl [tcpout:splunkssl] compressed = true server = indexerA1.chubbybunny.com:9997 sslCertPath = $SPLUNK_HOME/etc/auth/server.pem sslPassword = password sslRootCAPath = $SPLUNK_HOME/etc/auth/ca.pem sslVerifyServerCert = false </CODE></PRE> <P>*while this simply secures the communication channel between the two, using the default certs comes with a risk. <BR /> Also - the default password for both (server.pem &amp; ca.pem) is: password </P> Wed, 28 Nov 2012 19:38:36 GMT https://community.splunk.com/t5/Security/What-is-the-most-simple-way-to-enable-SSL-communication-between/m-p/47948#M1584 Chubbybunny 2012-11-28T19:38:36Z https://community.splunk.com/t5/Security/What-is-the-most-simple-way-to-enable-SSL-communication-between/m-p/47949#M1585 <P>If you prefer to use your own certificates, you can also check out the following topic in the Securing Splunk guide:</P> <P><A href="http://docs.splunk.com/Documentation/Splunk/5.0.1/Security/ConfigureSplunkforwardingtousesignedcertificates">http://docs.splunk.com/Documentation/Splunk/5.0.1/Security/ConfigureSplunkforwardingtousesignedcertificates</A></P> Wed, 28 Nov 2012 19:45:29 GMT https://community.splunk.com/t5/Security/What-is-the-most-simple-way-to-enable-SSL-communication-between/m-p/47949#M1585 jworthington_sp 2012-11-28T19:45:29Z https://community.splunk.com/t5/Security/What-is-the-most-simple-way-to-enable-SSL-communication-between/m-p/47950#M1586 <P>updated for Enterprise versions 7.1</P> <P>Indexer: $SPLUNK_HOME/etc/system/local/inputs.conf</P> <PRE><CODE>[default] host = indexerA1.chubbybunny.com [splunktcp-ssl:9997] compressed = true [SSL] sslPassword = password requireClientCert = false sslRootCAPath = $SPLUNK_HOME/etc/auth/ca.pem serverCert = $SPLUNK_HOME/etc/auth/server.pem </CODE></PRE> <P>Forwarder: $SPLUNK_HOME/etc/system/local/outputs.conf</P> <PRE><CODE>[tcpout] defaultGroup = splunkssl [tcpout:splunkssl] compressed = true server = indexerA1.chubbybunny.com:9997 clientCert = $SPLUNK_HOME/etc/auth/server.pem sslPassword = password sslRootCAPath = $SPLUNK_HOME/etc/auth/ca.pem sslVerifyServerCert = false </CODE></PRE> Wed, 13 Jun 2018 18:41:56 GMT https://community.splunk.com/t5/Security/What-is-the-most-simple-way-to-enable-SSL-communication-between/m-p/47950#M1586 georgen_splunk 2018-06-13T18:41:56Z https://community.splunk.com/t5/Security/What-is-the-most-simple-way-to-enable-SSL-communication-between/m-p/47951#M1587 <P>here sslPassword is of ca.pem or server.pem? In case we have different password then which password we are going to use.</P> Mon, 16 Jul 2018 15:24:51 GMT https://community.splunk.com/t5/Security/What-is-the-most-simple-way-to-enable-SSL-communication-between/m-p/47951#M1587 sayash27 2018-07-16T15:24:51Z