Deploying SSL between Forwarder and Indexer

kobibi11
New Member

Hello,

I wanted to request help with correctly configuring SSL between Universal -> Indexer.

I tried following this procedure:
https://docs.splunk.com/Documentation/Splunk/8.2.1/Security/Howtoself-signcertificates

And I ended up with two public certificates:

  • myServerCertificate.pem
  • myServerPrivateKey.key
  • myCACertificate.pem

Afterwards I prepared the certificate in the following order:
https://docs.splunk.com/Documentation/Splunk/8.2.1/Security/HowtoprepareyoursignedcertificatesforSpl...

cat myServerCertificate.pem myServerPrivateKey.key myCACertificate.pem > myNewServerCertificate.pem

This resulted in a signed server certificate with a chain of the authority.

I am struggling with understanding what exactly goes where and, in case I understand it, how do I add one more cert to another server?

My mind says, Indexer has to have the private key -> (Not sure whether the authority's key, or the server key or the chain).

And what the forwarder needs to have is -> only public key. (Not sure what)

Summary of what I have after running all the commands:
myCAPrivateKey.key
myCACertificate.csr
myCACertificate.pem
myServerPrivateKey.key
myServerCertificate.csr
myServerCertificate.pem
myNewServerCertificate.pem

Appreciate your help.

0 Karma

ephemeric
Contributor

May I suggest using https://github.com/OpenVPN/easy-rsa?

The concept is like so:

- you generate a keypair for the client (SUF)

- you generate a keypair for the server (receiver, indexer etc.)

- the client and server each have the same CA cert

So three files on the server and three files on the client in a single file.

This is the simplest setup.

0 Karma
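
The layout described in the answer above, as an added example that is not part of the thread or of Splunk's documentation: one CA, a keypair each for the indexer and the forwarder, and a single-file bundle per host (host certificate, host private key, CA certificate), with a check that each bundle chains to the CA and that its key matches its certificate. Host names, file names and subjects are constructed; keys are left unencrypted only so the script runs non-interactively.

```shell
#!/bin/sh
# Added example: constructed names and subjects, not code from the thread.
set -e

# Private CA. ca.key stays on the signing host; only ca.pem is copied to
# the indexer and the forwarder.
make_ca() {  # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=example-ca" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Keypair for one host, signed by the CA, then the single-file bundle in the
# order used in the question: host cert, host private key, CA cert.
make_bundle() {  # $1 = working directory, $2 = host label (hypothetical)
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/$2.pem" 2>/dev/null
    cat "$1/$2.pem" "$1/$2.key" "$1/ca.pem" > "$1/$2-bundle.pem"
}

# PEM block types found in a file, in order, space separated.
bundle_layout() {  # $1 = PEM file
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" | tr ' ' '_' | tr '\n' ' '
}

# Succeeds only if the first certificate in the bundle chains to the CA and
# the private key in the bundle belongs to that certificate.
check_bundle() {  # $1 = bundle, $2 = CA certificate
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$1" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ]
}

# Demo: build both bundles in a scratch directory and report their layout.
d=$(mktemp -d)
make_ca "$d"
for h in indexer forwarder; do
    make_bundle "$d" "$h"
    check_bundle "$d/$h-bundle.pem" "$d/ca.pem" &&
        echo "$h-bundle.pem: $(bundle_layout "$d/$h-bundle.pem")"
done
rm -rf "$d"
```

Each host ends up with its own certificate and private key plus the shared CA certificate; neither host needs the other's private key or the CA's private key.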