
Microsoft Teams Add-On Internal Certs

jscraig2006
Communicator

Greetings Community,

Does anyone know if internal certs are OK to use for the Microsoft Teams add-on webhook and subscription? We have a publicly accessible IP NATing to our HF for port 4444.

Thanks in advance

~John

@jconger 

0 Karma

jconger
Splunk Employee

The webhook URL for the subscription input must use a certificate signed by a public CA.  A lot of customers use the address of a load balancer or reverse proxy for the webhook URL.  Then, network rules are set up to forward that traffic to one or more Splunk Heavy Forwarders running the Teams webhook input.  Internal certificates can be used for this part if desired.  On a purely technical level, you do not have to use a certificate from the load balancer to the HF.

Example traffic flow:

MSFT == HTTPS ==> Webhook URL (load balancer) == (HTTP|HTTPS) ==> HF running a Teams webhook input


0 Karma
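
The traffic flow from the answer above, sketched as a reverse-proxy configuration. This is an added example, not part of the thread or of Splunk's documentation. It assumes nginx as the proxy; the hostnames, file paths and internal CA are placeholders, and 4444 is the HF port from the question.

```nginx
# Added example: nginx as the public webhook endpoint in front of a Heavy Forwarder.
# All hostnames and paths are placeholders.

server {
    listen 443 ssl;
    server_name teams-webhook.example.com;   # public DNS name used in the webhook URL

    # Leg 1 (Microsoft -> proxy): certificate signed by a public CA.
    # fullchain.pem = server certificate followed by the CA's intermediates.
    ssl_certificate     /etc/nginx/tls/public/fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/public/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Leg 2 (proxy -> HF): an internal certificate on the HF is acceptable
        # here because the proxy is told which internal CA to trust.
        proxy_pass                    https://hf01.internal.example:4444;
        proxy_ssl_trusted_certificate /etc/nginx/tls/internal/internal-ca.pem;
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_name                hf01.internal.example;  # name expected in the HF cert
        proxy_ssl_server_name         on;

        # If leg 2 is plain HTTP instead, use http:// in proxy_pass
        # and drop the proxy_ssl_* directives above.

        proxy_set_header Host            $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
```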

jscraig2006
Communicator

@jconger We have our public cert from Entrust. Where do these reside? Our setup for this is public_host_name and IP ==> Firewall Port Forwarding (Public IP to HF) ===> HF with Teams.

Thanks

0 Karma

jscraig2006
Communicator

Thanks Jason. So if we get a public cert, create a DNS record on our external DNS servers for that public IP, and assign the public cert to the Splunk HF, would that work?

0 Karma