https://community.splunk.com/t5/Splunk-Enterprise/Disable-TLS-certificate-for-inter-Splunk-communication-in-Splunk/m-p/676538#M18588 <P>Hi Splunk experts,</P><P>We have Splunk enterprise which is running on Linux. Is there any option that we can disable or skip secure inter-splunk communication for REST APIs?</P><P>Please suggest me</P><P>Thank you in advance.</P><P>Regards,</P><P>Eshwar</P><P>&nbsp;</P> Mon, 05 Feb 2024 06:58:30 GMT Eshwar 2024-02-05T06:58:30Z https://community.splunk.com/t5/Splunk-Enterprise/Disable-TLS-certificate-for-inter-Splunk-communication-in-Splunk/m-p/676538#M18588 <P>Hi Splunk experts,</P><P>We have Splunk enterprise which is running on Linux. Is there any option that we can disable or skip secure inter-splunk communication for REST APIs?</P><P>Please suggest me</P><P>Thank you in advance.</P><P>Regards,</P><P>Eshwar</P><P>&nbsp;</P> Mon, 05 Feb 2024 06:58:30 GMT https://community.splunk.com/t5/Splunk-Enterprise/Disable-TLS-certificate-for-inter-Splunk-communication-in-Splunk/m-p/676538#M18588 Eshwar 2024-02-05T06:58:30Z https://community.splunk.com/t5/Splunk-Enterprise/Disable-TLS-certificate-for-inter-Splunk-communication-in-Splunk/m-p/676544#M18589 <P><SPAN>Hi,</SPAN></P><P><SPAN>According to the documentation, you can do this, but it is strongly discouraged. In the correct scenario, it would be more sensible to use a signed certificate or perform SSL forwarding on a load balancer. I recommend against testing this in a production environment.</SPAN></P><P>&nbsp;</P><LI-CODE lang="markup">in $SPLUNK_HOME/etc/system/local/server.conf [sslConfig] enableSplunkdSSL = false</LI-CODE><P>&nbsp;</P><PRE>[sslConfig] * Set SSL for communications on Splunk back-end under this stanza name. * NOTE: To set SSL (for example HTTPS) for Splunk Web and the browser, use the web.conf file. * Follow this stanza name with any number of the following setting/value pairs. * If you do not specify an entry for each setting, the default value is used. enableSplunkdSSL = &lt;boolean&gt; * Enables/disables SSL on the splunkd management port (8089) and KV store port (8191). * NOTE: Running splunkd without SSL is not recommended. * Distributed search often performs better with SSL enabled. * Default: true</PRE> Mon, 05 Feb 2024 07:59:58 GMT https://community.splunk.com/t5/Splunk-Enterprise/Disable-TLS-certificate-for-inter-Splunk-communication-in-Splunk/m-p/676544#M18589 batabay 2024-02-05T07:59:58Z https://community.splunk.com/t5/Splunk-Enterprise/Disable-TLS-certificate-for-inter-Splunk-communication-in-Splunk/m-p/676606#M18597 <P>Hi</P><P>as already said by&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/245720">@batabay</a>&nbsp;don't disable it. Even you are using Splunk's internal certs it's better than without it.</P><P>If you have issue to use that e.g. with cURL or other tools you could accept those cert within those command. Like "curl -k". Or other option (better) is just replace those Splunk's internal certs with official certs.</P><P>See&nbsp;<A href="https://docs.splunk.com/Documentation/Splunk/latest/Security/AboutsecuringyourSplunkconfigurationwithSSL" target="_blank">https://docs.splunk.com/Documentation/Splunk/latest/Security/AboutsecuringyourSplunkconfigurationwithSSL</A>&nbsp;and&nbsp;<A href="https://conf.splunk.com/files/2023/slides/SEC1936B.pdf" target="_blank">https://conf.splunk.com/files/2023/slides/SEC1936B.pdf</A></P><P>r. Ismo</P> Mon, 05 Feb 2024 15:25:31 GMT https://community.splunk.com/t5/Splunk-Enterprise/Disable-TLS-certificate-for-inter-Splunk-communication-in-Splunk/m-p/676606#M18597 isoutamo 2024-02-05T15:25:31Z