https://community.splunk.com/t5/Getting-Data-In/Simple-forwarder-encryption/m-p/117275#M24422 <P>What you need is in the Splunk documentation at <A href="http://docs.splunk.com/Documentation/Splunk/latest/Security/Aboutsecuringdatafromforwarders">http://docs.splunk.com/Documentation/Splunk/latest/Security/Aboutsecuringdatafromforwarders</A></P> Fri, 27 Mar 2015 16:51:13 GMT starcher 2015-03-27T16:51:13Z https://community.splunk.com/t5/Getting-Data-In/Simple-forwarder-encryption/m-p/117274#M24421 <P>Is it possible to configure a universal forwarder to encrypt WITHOUT requiring mutual auth? Like how most browsers work with HTTPS sites? Don't need to authenticate the client just prevent eavesdropping.</P> Fri, 27 Mar 2015 16:44:40 GMT https://community.splunk.com/t5/Getting-Data-In/Simple-forwarder-encryption/m-p/117274#M24421 defaultdeny 2015-03-27T16:44:40Z https://community.splunk.com/t5/Getting-Data-In/Simple-forwarder-encryption/m-p/117275#M24422 <P>What you need is in the Splunk documentation at <A href="http://docs.splunk.com/Documentation/Splunk/latest/Security/Aboutsecuringdatafromforwarders">http://docs.splunk.com/Documentation/Splunk/latest/Security/Aboutsecuringdatafromforwarders</A></P> Fri, 27 Mar 2015 16:51:13 GMT https://community.splunk.com/t5/Getting-Data-In/Simple-forwarder-encryption/m-p/117275#M24422 starcher 2015-03-27T16:51:13Z https://community.splunk.com/t5/Getting-Data-In/Simple-forwarder-encryption/m-p/117276#M24423 <P>This does not answer my question. Question was answered via IRC by bosburn. The answer is that Splunk does not support this simple mode of encryption. I propose that this feature be added. Something like UseSSL = 1 instead of having to drop a client cert and configure a password on all end-points.</P> Fri, 27 Mar 2015 17:49:12 GMT https://community.splunk.com/t5/Getting-Data-In/Simple-forwarder-encryption/m-p/117276#M24423 defaultdeny 2015-03-27T17:49:12Z https://community.splunk.com/t5/Getting-Data-In/Simple-forwarder-encryption/m-p/117277#M24424 <P>Yes and no. Total agreement that <CODE>useSSL=1</CODE> would be ideal. When a forwarder is set up to use SSL, providing a certificate to authenticate with is the only way to enable SSL. BUT, the indexer-side's inputs.conf decides whether a client certificate is actually needed to authenticate or not. I would like to see the forwarder side decouple "I would like to use SSL" from "Here is my client certificate"...</P> <P>Also Brian rocks.</P> Sun, 07 Aug 2016 17:46:40 GMT https://community.splunk.com/t5/Getting-Data-In/Simple-forwarder-encryption/m-p/117277#M24424 dwaddle 2016-08-07T17:46:40Z https://community.splunk.com/t5/Getting-Data-In/Simple-forwarder-encryption/m-p/117278#M24425 <P>plus 1 - on useSSL=1 managing certs in a large forwarder environment is not much fun</P> Thu, 01 Sep 2016 13:17:52 GMT https://community.splunk.com/t5/Getting-Data-In/Simple-forwarder-encryption/m-p/117278#M24425 ebaileytu 2016-09-01T13:17:52Z