https://community.splunk.com/t5/Security/HEC-Invalid-SSL-Certificate/m-p/383666#M9407 <P>Hi,<BR /> I'm using Splunk Cloud with an HEC configured via Settings --&gt; Data Inputs --&gt; HTTP Event Collector<BR /> I can submit an event via <CODE>curl</CODE>, but when attempting to send via AWS Firehose, it fails with an SSL error.<BR /> It appears that the SSL cert installed on the HEC is a self-signed certificate.</P> <P>How can I get the Splunk Cloud HEC configured with a valid cert?</P> Thu, 02 Aug 2018 19:34:15 GMT aaptiv_engineer 2018-08-02T19:34:15Z https://community.splunk.com/t5/Security/HEC-Invalid-SSL-Certificate/m-p/383666#M9407 <P>Hi,<BR /> I'm using Splunk Cloud with an HEC configured via Settings --&gt; Data Inputs --&gt; HTTP Event Collector<BR /> I can submit an event via <CODE>curl</CODE>, but when attempting to send via AWS Firehose, it fails with an SSL error.<BR /> It appears that the SSL cert installed on the HEC is a self-signed certificate.</P> <P>How can I get the Splunk Cloud HEC configured with a valid cert?</P> Thu, 02 Aug 2018 19:34:15 GMT https://community.splunk.com/t5/Security/HEC-Invalid-SSL-Certificate/m-p/383666#M9407 aaptiv_engineer 2018-08-02T19:34:15Z https://community.splunk.com/t5/Security/HEC-Invalid-SSL-Certificate/m-p/383667#M9408 <P>Hi, <BR /> I would recomend you use a Heavy Forwarder as your HEC endpoint, then send your data on to the Splunk Cloud via normal forwarder method.<BR /> A ticket would need to be raised with the Splunk Cloud team, to get the Certificate fixed.<BR /> If you do this via a heavy forwarder, look through this section of the manual <A href="https://docs.splunk.com/Documentation/Splunk/7.1.2/Security/AboutsecuringyourSplunkconfigurationwithSSL">"AboutsecuringyourSplunkconfigurationwithSSL"</A><BR /><BR /> If you would like a good presentation to talk you through setting up, this is a simple guide around the SSL certificate. <A href="https://conf.splunk.com/session/2015/conf2015_DWaddle_DefensePointSecurity_deploying_SplunkSSLBestPractices.pdf">Best Practices Configuration for Splunk SSL</A></P> <P><A href="https://docs.splunk.com/Documentation/Splunk/7.1.2/Security/AboutsecuringyourSplunkconfigurationwithSSL">https://docs.splunk.com/Documentation/Splunk/7.1.2/Security/AboutsecuringyourSplunkconfigurationwithSSL</A><BR /> <A href="https://conf.splunk.com/session/2015/conf2015_DWaddle_DefensePointSecurity_deploying_SplunkSSLBestPractices.pdf">https://conf.splunk.com/session/2015/conf2015_DWaddle_DefensePointSecurity_deploying_SplunkSSLBestPractices.pdf</A></P> Tue, 28 Aug 2018 10:52:34 GMT https://community.splunk.com/t5/Security/HEC-Invalid-SSL-Certificate/m-p/383667#M9408 Albakercss 2018-08-28T10:52:34Z