Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Bootstrapping a secure management configuration with company certificates

afx
Contributor
‎05-06-2019 05:46 AM

Distributing certificates to forwarders for the indexer configuration works fine in Splunk.
But what about the management communication?
It seems to be a chicken and egg problem.
Can this be done via the deployment mechanism, sending the forwarders appropriate configuration and certificates?
But then as soon as that configuration is active, the deployment server will no longer accept the connections until that is switched as well. Or is there a fallback mechanism to internal certs that allows a smooth transition?
thx
afx

Reply

brettwilliams
Path Finder
‎10-14-2020 02:24 PM

I've run into this myself...  if a Splunk instance starts, and there is no SSL configuration anywhere, Splunk creates its own in etc/system/local.  Which can't be overridden.  I could conjure up something creative on the Linux forwarders...  but Windows, yeah, right...  not gonna happen.

For the forwarders that I control, this is easy to fix.  But for the forwarders I don't control, I'm just a few mouse clicks away from doom when I'm making changes in Forwarder Management.  If I accidentally pull the 8089 certs, I have to go get many, many people to touch every single forwarder to manually fix it.  Maybe we shouldn't distribute SSL certs for 8089 via deployment server.  But without any other options, at least in my enterprise, I don't see any alternatives.

0 Karma
Reply
Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...