topic Re: Deployment server https - no client certificate in Security

Deployment server https - no client certificate

lux209 — Fri, 11 Jul 2025 09:28:39 GMT

Hello,

I'm looking to secure the connection to our deployment server using HTTPS following this doc:
https://docs.splunk.com/Documentation/Splunk/9.4.2/Security/Securingyourdeploymentserverandclients

I'm wondering if having client certificate is mandatory or if it would be possible to only install a certificate on the DS server itself ? I don't need the to have mTLS, my goal is only to have an encrypted connection between the server and the clients.

Thanks for you help
Lucas

Re: Deployment server https - no client certificate

livehybrid — Fri, 11 Jul 2025 10:14:40 GMT

Hi @lux209

It is not required to use mTLS if you do not want to (I dont usually have mTLS on client->DS comms as for using SSL is enough for me).

Set in the server.conf set [sslConfig]/requireClientCert stanza to false (which I think is the default).

For me the reason you might want to use clientCert on a DS is if you wanted to ensure that no other hosts could connect to your DS and receive its configuration, which may contain sensitive credentials/configurations (e.g. certs to send to your indexers). If this is low risk for you (e.g. not publicly accessible) then it sounds like having requireClientCert to false would suffice.

🌟 Did this answer help you? If so, please consider:

Adding karma to show it was useful
Marking it as the solution if it resolved your issue
Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

Re: Deployment server https - no client certificate

lux209 — Fri, 11 Jul 2025 10:51:07 GMT

Great thank you for the quick answer and the information !

Lucas