topic Configuring SSL on universal forwarder in Security

Configuring SSL on universal forwarder

gekoner — Fri, 20 May 2011 17:12:55 GMT

I am attempting to upgrade an existing LFC on a Windows server and use a SSL certificate for encryption and authentication of this machine.
I am attempting to use a certificate issued by our own certificate authority (CA).
I have followed the instructions as outlined in; http://www.splunk.com/base/Documentation/latest/Deploy/DeployaWindowsdfmanually and read http://www.splunk.com/base/Documentation/latest/Admin/UseSSLtoencryptandauthenticatedatafromforwarders

I did this through the installation wizard (GUI), just to see what it requests.
I specify a computer certificate, the password and a Root CA certificate to verify the identity of the certificate in .cer format.
No matter what I do I get a SSLCommon error either that “can’t read CA list” or “Error initializing SSL context - invalid sslCertPath for server”
My question is; what format do I need to have these files in? Do I need to convert these to .pem files?
I converted the files .pem using openssl but I still get the same error.
Is the privkey supposed to be the CA certificate and associated chain, or the computer certificate private key?

Sample output.conf

sslCertPath = C:\Program Files\SplunkUniversalForwarder\etc\system\local\certs\cert.pem   
sslPassword = $2$Pa$$W0rdHERE=   
sslRootCAPath =C:\Program Files\SplunkUniversalForwarder\etc\system\local\certs\privkey.pem

Re: Configuring SSL on universal forwarder

araitz — Fri, 20 May 2011 18:41:45 GMT

Please include the full stanzas from outputs.conf as well as the full error.

Re: Configuring SSL on universal forwarder

hexx — Sat, 21 May 2011 00:05:24 GMT

The following configuration procedure has been written precisely to address this case :

http://www.splunk.com/wiki/Community:Splunk2Splunk_SSL_3rdPartyCA

If you are unable to configure SSL for your splunk2splunk communication with these instructions, please attempt to follow the troubleshooting steps on that page (section #5) and paste here what you can from the btool output for inputs/outputs.conf and the pertinent (TcpInputProc/TcpOutputProc) splunkd.log lines.

Re: Configuring SSL on universal forwarder

gekoner — Fri, 27 May 2011 19:20:05 GMT

Thanks hexx, I hadn't read those instructions yet.

Re: Configuring SSL on universal forwarder

jeandez — Wed, 29 Jan 2014 09:32:58 GMT

hello, i have been learning splunk by elearning. I am confuse about inputs.conf and outputs.conf file.
I want to know if outputs.conf must be configured only on the forwarder ? and also inputs.conf must be configured only on the indexer ??? coud the two files be configured on the forwarder or on the indexer ?
IN which cases must i configure outputs.conf ??

Thank you !!

Re: Configuring SSL on universal forwarder

mcs24 — Thu, 14 Jul 2016 09:33:44 GMT

I downvoted this post because this is a new question, not a comment.

Re: Configuring SSL on universal forwarder

gekoner — Fri, 15 Jul 2016 05:20:33 GMT

I downvoted this post because this has nothing to do with the original post.