Getting Data In

Can we set up a TLS connection without a private key for third-party certificates?

VK18
Explorer

Hi Team,

I would like to establish an SSL/TLS-connection with third party CA certificates between the UFs -> HFs -> indexers.

The order which I'm following to configure the TLS connection is below.

-----BEGIN CERTIFICATE-----
... (certificate for your server)...
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
...<Server Private Key – Passphrase protected>
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
... (the certificate authority certificate)...
-----END CERTIFICATE-----

Now, the question here is: can we remove the RSA private key from the certificate? Do we need the private key in order to establish the secure connection to the HF from the UF?

0 Karma

PickleRick
SplunkTrust

OK. Are you aware of how TLS in particular, and PKI and asymmetric cryptography in general, work?

If you want to just authenticate the other party (for example - want to make sure at your forwarder that the indexer you're connecting to is the one it claims to be), all you need on your forwarder is the certificate (just the certificate) of the CA used to issue the indexer's certificate.

But if you need to authenticate yourself as the forwarder to the indexer, you need both the certificate you got issued by the CA as well as your own private key. That's why it's called private key - it's something unique to you and you don't disclose it to any other parties. It's used to encrypt stuff during the communication so that other parties can decrypt it with your public key (included in the certificate).

For your own security, please, please, please get someone with TLS/PKI working experience involved and please read a bit about how it all works otherwise you can hurt yourself.

0 Karma
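
As an added illustration of the answer above (not code from any poster or from Splunk), this Python example classifies a PEM bundle laid out as in the question: a file holding a certificate plus its private key can authenticate its own host, while a file holding only certificates can only verify the peer. The function name, the role labels and the sample data are assumptions made for this example.

```python
import re

# One PEM block: label, then optional RFC 1421 headers and the base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def inspect_bundle(pem_text):
    """Classify a PEM bundle by the blocks it contains, in file order."""
    blocks = [(m.group(1), m.group(2)) for m in PEM_BLOCK.finditer(pem_text)]
    labels = [label for label, _ in blocks]
    keys = [(l, b) for l, b in blocks if l.endswith("PRIVATE KEY")]
    certs = labels.count("CERTIFICATE")
    # Traditional keys mark encryption with a Proc-Type header; PKCS#8 keys
    # use the label "ENCRYPTED PRIVATE KEY" instead.
    encrypted = [l == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in b
                 for l, b in keys]
    if keys and certs:
        role = "identity"     # certificate + key: can authenticate itself
    elif certs:
        role = "trust-only"   # certificates only: can verify a peer, no more
    else:
        role = "unusable"
    findings = []
    if len(keys) > 1:
        findings.append("more than one private key")
    if keys and not all(encrypted):
        findings.append("private key is not passphrase protected")
    if role == "identity" and labels[:2] != ["CERTIFICATE", keys[0][0]]:
        findings.append("order differs from: own cert, private key, CA cert")
    return {"labels": labels, "role": role, "findings": findings}

# Constructed sample data: the bodies are placeholders, not real material.
CERT = "-----BEGIN CERTIFICATE-----\nUExBQ0VIT0xERVI=\n-----END CERTIFICATE-----\n"
ENC_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
           "DEK-Info: AES-256-CBC,00\n\nUExBQ0VIT0xERVI=\n"
           "-----END RSA PRIVATE KEY-----\n")
PLAIN_KEY = ENC_KEY.replace("Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n", "")

if __name__ == "__main__":
    for name, text in [("as in the question", CERT + ENC_KEY + CERT),
                       ("key removed", CERT + CERT),
                       ("unprotected key", CERT + PLAIN_KEY + CERT)]:
        print(name, inspect_bundle(text))
```
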

gcusello
SplunkTrust

Hi @VK18,

you have to establish a secure connection first between UFs and HFs, probably using one password, then another secure connection between HFs and Indexers, probably using another password,

but you can also use the same for both, because the password isn't readable because it's encrypted at the first restart.

Ciao.

Giuseppe

0 Karma