All Apps and Add-ons

Microsoft Teams Add-On Internal Certs

jscraig2006
Communicator

Greetings Community,

Does anyone know if internal certs are ok to use for the Microsoft Team add-on Web-hook and Subscription? We have a public accessible IP NATing to our HF for port 4444. 

Thanks in advance

~John

@jconger 

Labels (1)
0 Karma

jconger
Splunk Employee
Splunk Employee

The webhook URL for the subscription input must use a certificate signed by a public CA.  A lot of customers use the address of a load balancer or reverse proxy for the webhook URL.  Then, network rules are set up to forward that traffic to one or more Splunk Heavy Forwarders running the Teams webhook input.  Internal certificates can be used for this part if desired.  On a purely technical level, you do not have to use a certificate from the load balancer to the HF.

Example traffic flow:

MSFT == HTTPS ==> Webhook URL (load balancer) == (HTTP|HTTPS) ==> HF running a Teams webhook input

 

Screen Shot 2021-03-29 at 5.23.17 PM.png

0 Karma

jscraig2006
Communicator

@jconger We have our public cert from Entrust. Where do these reside? Our set up for this is public_host_name and IP ==> Firewall Port Forwarding (Public IP to HF) ===> HF with Teams. 

Thanks

0 Karma

jscraig2006
Communicator

Thanks Jason, So if we get a public cert and create a DNS record added to our external DNS servers for that public IP and assign the public cert to the Splunk HF, would that work?

0 Karma