Deployment Architecture
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- What are the passphrases for the .pem files in the...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
frankcryptact
Engager
04-19-2019
05:14 AM
Hello!
What are the passphrases for the client.pem and server.pem files in the Universal Forwarder Credentials file, splunkclouduf.spl?
I've tried the following passphrases without success:
- my Splunk account password. It had the maximum allowed characters, 64.
changeme- updating my password to something simpler in https://www.splunk.com/my-account/en_us#/profile-details , re-downloading the
splunkclouduf.spland trying new password for the passphrase with this command:openssl rsa -in client.pem -out no_client.pem.
Thank you in advance!
P.S. For a little background, I'm trialing Splunk Cloud. I'm trying to send logs from my kubernetes cluster to Splunk Cloud using https://github.com/splunk/splunk-connect-for-kubernetes.
I've opened a Splunk account, created the indexes and downloaded the Universal Forwarder Credentials file, splunkclouduf.spl and untarred it which produced the 5 files: cacert.pem , client.pem, limits.conf, outputs.conf and server.pem.
The problem is that the .pem files have passphrases. So setting just setting them in the global.splunk.hec.clientCert, global.splunk.hec.clientKey and global.splunk.hec.caFile settings is producing TLS errors.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
frankcryptact
Engager
04-23-2019
04:28 AM
@woodcock Thank you for the reply. Those weren't accepted as the passphrase, but the outputs.conf file has a line entry of sslPassword = xxxxx, where xxxxx seems to be the passphrase.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
frankcryptact
Engager
04-23-2019
04:28 AM
@woodcock Thank you for the reply. Those weren't accepted as the passphrase, but the outputs.conf file has a line entry of sslPassword = xxxxx, where xxxxx seems to be the passphrase.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
04-23-2019
08:56 AM
OK, you should click Accept to close the question.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
04-22-2019
10:21 PM
I don't know why it matters or why you would care but Splunk typically uses the name as the value for defaults (like the default password is password), so try passphrase or null/nothing.
Get Updates on the Splunk Community!
.conf25 Registration is OPEN!
Ready. Set. Splunk!
Your favorite Splunk user event is back and better than ever. Get ready for more technical ...
Detecting Cross-Channel Fraud with Splunk
This article is the final installment in our three-part series exploring fraud detection techniques using ...
Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside
Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...
