Getting Data In

Can we set up a TLS connection without a private key for third-party certificates?

VK18
Explorer

Hi Team,

I would like to establish an SSL/TLS connection with third-party CA certificates between the UFs -> HFs -> indexers.

The order which I'm following to configure the TLS connection is below.

-----BEGIN CERTIFICATE-----
... (certificate for your server)...
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
...<Server Private Key – Passphrase protected>
-----END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
... (the certificate authority certificate)...
-----END CERTIFICATE-----

Now, the question here is: can we remove the RSA private key from the certificate? Do we need the private key in order to establish the secure connection to the HF from the UF?


PickleRick
SplunkTrust

OK. Are you aware how TLS in particular and PKI and asymmetric cryptography in general work?

If you want to just authenticate the other party (for example - want to make sure at your forwarder that the indexer you're connecting to is the one it claims to be), all you need on your forwarder is the certificate (just the certificate) of the CA used to issue the indexer's certificate.

But if you need to authenticate yourself as the forwarder to the indexer, you need both the certificate you got issued by the CA as well as your own private key. That's why it's called a private key - it's something unique to you and you don't disclose it to any other parties. It's used to encrypt stuff during the communication so that other parties can decrypt it with your public key (included in the certificate).

For your own security, please, please, please get someone with TLS/PKI working experience involved and please read a bit about how it all works otherwise you can hurt yourself.

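To make PickleRick's distinction checkable against a file like the one in the question, here is an added Python example (not from this thread or from Splunk) that walks a concatenated PEM bundle the way a strict reader does, reports whether the file can present an identity (certificate plus private key) or only verify peers (certificates only), and flags armor lines a strict reader would not recognise, such as the six-dash BEGIN line on the CA block in the post. The sample bundle is constructed with placeholder base64 bodies, and the Splunk setting names in the comments (serverCert, clientCert, sslRootCAPath) are mentioned only to map the two roles to where each file type belongs.

```python
import base64
import binascii
import re

STRICT_ARMOR = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")
KEY_LABELS = {"RSA PRIVATE KEY", "EC PRIVATE KEY", "PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}

def parse_pem_bundle(text):
    """Walk the file as a strict PEM reader does (only exactly five dashes open or
    close a block); return (labels in file order, problems such a reader hits)."""
    blocks, problems, current, body = [], [], None, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        m = STRICT_ARMOR.match(line)
        if m is None:
            if "BEGIN " in line or "END " in line:  # e.g. six leading dashes
                problems.append(f"line {lineno}: malformed armor {line!r}")
            elif current is not None:
                body.append(line)
            continue
        kind, label = m.groups()
        if kind == "BEGIN":
            current, body = label, []
        elif label == current:
            try:
                base64.b64decode("".join(body), validate=True)
                blocks.append(label)
            except binascii.Error:
                problems.append(f"line {lineno}: {label} body is not valid base64")
            current = None
        else:
            problems.append(f"line {lineno}: END {label} without matching BEGIN")
    return blocks, problems

def bundle_role(blocks):
    """No key => trust store only (verifies the peer); identity needs cert AND key."""
    has_key = any(label in KEY_LABELS for label in blocks)
    if "CERTIFICATE" in blocks and has_key:
        return "identity"     # usable as Splunk serverCert / clientCert
    if "CERTIFICATE" in blocks:
        return "trust-store"  # usable only as a CA file (sslRootCAPath)
    return "unusable"

def strip_private_keys(text):
    """The file with its private-key block(s) removed, as the question proposes."""
    return re.sub(r"-----BEGIN ([A-Z ]*PRIVATE KEY)-----.*?-----END \1-----\n?",
                  "", text, flags=re.S)

# Constructed bundle mirroring the post's layout (six-dash CA header included);
# bodies are base64 of the placeholders "leaf", "key" and "ca", not real DER.
SAMPLE = ("-----BEGIN CERTIFICATE-----\nbGVhZg==\n-----END CERTIFICATE-----\n"
          "-----BEGIN RSA PRIVATE KEY-----\na2V5\n-----END RSA PRIVATE KEY-----\n"
          "------BEGIN CERTIFICATE-----\nY2E=\n-----END CERTIFICATE-----\n")
```

Run on SAMPLE the parser returns only the leaf certificate and the key, because the six-dash header hides the CA block; strip the key and the same file drops from "identity" to "trust-store", which is exactly the difference between verifying the indexer and authenticating the forwarder to it.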

gcusello
SplunkTrust

Hi @VK18,

you have to establish a secure connection first between UFs and HFs, probably using one password, then another secure connection between HFs and Indexers, probably using another password,

but you can also use the same for both, also because the password isn't readable, since it's encrypted at the first restart.

Ciao.

Giuseppe
