Getting Data In

Can we set up a TLS connection without a private key for third-party certificates?

VK18
Explorer

Hi Team,

I would like to establish an SSL/TLS connection with third-party CA certificates between the UFs -> HFs -> indexers.

The order I'm following to configure the TLS connection is below.

-----BEGIN CERTIFICATE-----
... (certificate for your server)...
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
...<Server Private Key – Passphrase protected>
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
... (the certificate authority certificate)...
-----END CERTIFICATE-----

Now, the question here is: can we remove the RSA private key from the certificate file? Do we need the private key in order to establish the secure connection to the HF from the UF?


PickleRick
SplunkTrust

OK. Are you aware of how TLS in particular, and PKI and asymmetric cryptography in general, work?

If you want to just authenticate the other party (for example - want to make sure at your forwarder that the indexer you're connecting to is the one it claims to be), all you need on your forwarder is the certificate (just the certificate) of the CA used to issue the indexer's certificate.

But if you need to authenticate yourself as the forwarder to the indexer, you need both the certificate you got issued by the CA as well as your own private key. That's why it's called a private key - it's something unique to you and you don't disclose it to any other parties. It's used to encrypt stuff during the communication so that other parties can decrypt it with your public key (included in the certificate).

For your own security, please, please, please get someone with TLS/PKI working experience involved and please read a bit about how it all works otherwise you can hurt yourself.

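The distinction PickleRick draws above (trusting the other side needs only the CA certificate; proving your own identity needs your certificate plus its private key), worked through as an added example that is not code from the thread or from Splunk. It uses only Go's standard library to build a throwaway CA and server certificate, lays them out in the PEM order from the question, and reports what each file can be used for. The CA name, the host name hf.example.internal and all function names are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"math/big"
	"time"
)

func pemBlock(typ string, der []byte) []byte { return pem.EncodeToMemory(&pem.Block{Type: typ, Bytes: der}) }
// makeCert issues a certificate for cn signed by parent, or a self-signed CA when parent is nil.
func makeCert(cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: parent == nil, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if parent == nil { // the CA signs itself (stand-in for the third-party CA)
		tmpl.KeyUsage, parent, parentKey = tmpl.KeyUsage|x509.KeyUsageCertSign, tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// buildBundles returns the PEM file laid out as in the question (server cert, server key,
// CA cert), the same file with the key removed, the CA cert alone, and the server cert.
func buildBundles() (full, noKey, caOnly []byte, server *x509.Certificate) {
	ca, caKey := makeCert("Example Third-Party CA", nil, nil) // constructed names
	srv, srvKey := makeCert("hf.example.internal", ca, caKey)
	keyDER, _ := x509.MarshalPKCS8PrivateKey(srvKey) // unencrypted PKCS#8 "PRIVATE KEY" block
	caOnly = pemBlock("CERTIFICATE", ca.Raw)
	noKey = append(pemBlock("CERTIFICATE", srv.Raw), caOnly...)
	full = append(append(pemBlock("CERTIFICATE", srv.Raw), pemBlock("PRIVATE KEY", keyDER)...), caOnly...)
	return full, noKey, caOnly, srv
}

// roles reports what a PEM file is good for: verifyPeer if its CERTIFICATE blocks (key blocks are
// skipped) chain the peer's cert to a trusted CA; presentIdentity if it holds a cert AND its key.
func roles(filePEM []byte, peer *x509.Certificate) (verifyPeer, presentIdentity bool) {
	pool := x509.NewCertPool()
	pool.AppendCertsFromPEM(filePEM)
	_, errVerify := peer.Verify(x509.VerifyOptions{Roots: pool})
	_, errIdentity := tls.X509KeyPair(filePEM, filePEM) // fails unless cert + matching key present
	return errVerify == nil, errIdentity == nil
}
```

Call roles() from a Go test or a main: the CA certificate alone verifies the peer but cannot present an identity, the bundle with the key stripped behaves the same way, and only the bundle that still carries the matching private key can do both.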

gcusello
SplunkTrust

Hi @VK18,

you have to establish a secure connection first between UFs and HFs, probably using one password, then another secure connection between HFs and Indexers, probably using another password,

but you can also use the same one for both, also because the password isn't readable, as it's encrypted at the first restart.

Ciao.

Giuseppe
