Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

For Splunk Enterprise, pre 6.3, default root certificates expire on July 21, 2016 - Universal Forwarder?

opmlh0
Engager
‎05-18-2016 09:14 PM

Does the default root certificate expiration on July 21, 2016 affect the "universal forwarders" ?
What is the expiration date of the new root certificate that we are asked to replace the July 21 expiring one with?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

bgraabek_splunk
Splunk Employee
Splunk Employee
‎05-19-2016 01:59 AM

The certificate expiration will only affect universal forwarders if you have enabled encrypted connections between the forwarders and the indexers

For more information and specifically on the forwarder question, see point 4 in the answer here:
https://answers.splunk.com/answers/395886/for-splunk-enterprise-splunk-light-and-hunk-pre-63.html

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

bgraabek_splunk
Splunk Employee
Splunk Employee
‎05-19-2016 01:59 AM

The certificate expiration will only affect universal forwarders if you have enabled encrypted connections between the forwarders and the indexers

For more information and specifically on the forwarder question, see point 4 in the answer here:
https://answers.splunk.com/answers/395886/for-splunk-enterprise-splunk-light-and-hunk-pre-63.html

0 Karma
Reply
Solved! Jump to solution

splunkreal
Motivator
‎09-08-2016 08:45 AM

Hello, is it possible that Splunkforwarder still works if the cacert.pem on the indexer is expired and from different certificate authority? We have sslVerifyServerCert = false set on the fwd.

Thanks.

* If this helps, please upvote or accept solution if it solved *
0 Karma
Reply
Solved! Jump to solution

sim_tcr
Communicator
‎07-14-2016 05:55 AM

How do i confirm that my forwarder not connecting to indexers using encrypted?

07-14-2016 08:53:08.462 -0400 INFO  TcpOutputProc - Connected to idx=xx.xx.xxx.xx:9997 using ACK.

Thats the logs shows

0 Karma
Reply
Solved! Jump to solution

sloshburch
Ultra Champion
‎07-14-2016 06:46 AM

The ACK has to do with the acknowledgement setting of forwarding.

If your indexer is set up with splunktcp-ssl inputs then it should be receiving SSL (encrypted) over that port. If there are ports in the inputs for TCP (without ssl) then see what is connecting to that port in the logs to find non SSL connections.

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...