Can we set up a TLS connection without a private key for third-party certificates?

VK18
Explorer

Hi Team,

I would like to establish an SSL/TLS connection with third-party CA certificates between the UFs -> HFs -> indexers.

The order I'm following to configure the TLS connection is below.

-----BEGIN CERTIFICATE-----
... (certificate for your server)...
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
...<Server Private Key – Passphrase protected>
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
... (the certificate authority certificate)...
-----END CERTIFICATE-----

Now, the question here is: can we remove the RSA private key from the certificate? Do we need the private key in order to establish the secure connection to the HF from the UF?


PickleRick
SplunkTrust

OK. Are you aware how TLS in particular, and PKI and asymmetric cryptography in general, work?

If you want to just authenticate the other party (for example - want to make sure at your forwarder that the indexer you're connecting to is the one it claims to be), all you need on your forwarder is the certificate (just the certificate) of the CA used to issue the indexer's certificate.

But if you need to authenticate yourself as the forwarder to the indexer, you need both the certificate you got issued by the CA and your own private key. That's why it's called a private key - it's something unique to you, and you don't disclose it to any other parties. It's used to encrypt stuff during the communication so that other parties can decrypt it with your public key (included in the certificate).

For your own security, please, please, please get someone with TLS/PKI working experience involved and please read a bit about how it all works otherwise you can hurt yourself.

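The two situations described in the answer above, written out as Splunk inputs.conf / outputs.conf stanzas. This is an added example, not configuration from the original post or from Splunk's own documentation: the hostnames, file names and $SPLUNK_HOME/etc/auth/mycerts/ paths are placeholders, and the setting names are the ones I know from Splunk Enterprise 8.x spec files (confirm them against the inputs.conf.spec and outputs.conf.spec shipped with your version). Splunk .conf files do not support inline comments, so every comment here is on its own line.

```ini
# ===== Case 1: one-way TLS. The UF authenticates the HF; the HF does not
# ===== authenticate the UF. The UF needs NO certificate and NO private key.

# inputs.conf on the heavy forwarder (receiving side).
# The file named by serverCert must contain the HF's certificate, the HF's
# (passphrase-protected) private key and the CA chain. A TLS server cannot
# prove it owns its certificate without the key, so this file keeps the key.
[splunktcp-ssl:9997]
disabled = 0

[SSL]
serverCert = $SPLUNK_HOME/etc/auth/mycerts/hf-server.pem
# Passphrase of the key inside hf-server.pem; Splunk encrypts this value in
# place on the next restart.
sslPassword = <passphrase of the key inside hf-server.pem>
# false = accept any forwarder that can reach port 9997 (server-auth only).
requireClientCert = false

# outputs.conf on the universal forwarder (sending side).
# Only the third-party CA certificate is present here: a file holding
# certificates only, no BEGIN ... PRIVATE KEY block at all, and no clientCert.
[tcpout]
defaultGroup = hf_group

[tcpout:hf_group]
server = hf.example.com:9997
useSSL = true
sslRootCAPath = $SPLUNK_HOME/etc/auth/mycerts/third-party-ca.pem
# Reject an HF whose certificate was not issued by that CA ...
sslVerifyServerCert = true
# ... or whose certificate is not for the host we meant to connect to.
sslCommonNameToCheck = hf.example.com

# ===== Case 2: mutual TLS. The HF also authenticates each forwarder, so the
# ===== UF now needs its own certificate AND the matching private key.

# inputs.conf on the heavy forwarder: the server side changes one setting,
# plus an optional allow-list of forwarder certificate CNs.
[SSL]
serverCert = $SPLUNK_HOME/etc/auth/mycerts/hf-server.pem
sslPassword = <passphrase of the key inside hf-server.pem>
requireClientCert = true
sslCommonNameToCheck = uf01.example.com, uf02.example.com

# outputs.conf on the universal forwarder: clientCert points at a PEM that
# contains the UF's certificate and its private key (same layout as the
# server PEM in the question). Removing the key from this file breaks the
# handshake, because the UF must sign with it to prove it owns the cert.
[tcpout:hf_group]
server = hf.example.com:9997
useSSL = true
clientCert = $SPLUNK_HOME/etc/auth/mycerts/uf01-client.pem
sslPassword = <passphrase of the key inside uf01-client.pem>
sslRootCAPath = $SPLUNK_HOME/etc/auth/mycerts/third-party-ca.pem
sslVerifyServerCert = true
sslCommonNameToCheck = hf.example.com
```

So the answer to the literal question is: the receiving side's PEM (serverCert) always keeps its private key; the file you point sslRootCAPath at never has one; and the forwarder can do without a key only in Case 1, in which case it does not use a clientCert at all. The trade-off to be clear about is that with requireClientCert = false the HF authenticates itself to the forwarder but accepts data from anything that can reach port 9997, so the transport is encrypted but the data source is not authenticated.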

gcusello
SplunkTrust

Hi @VK18,

you first have to establish a secure connection between UFs and HFs, probably using one password, then another secure connection between HFs and Indexers, probably using another password,

but you can also use the same one for both, also because the password isn't readable, since it's encrypted at the first restart.

Ciao.

Giuseppe
