Hi,
Good day!
We have distributed Splunk Enterprise setup, we are trying to establish secure SSL communication between UF-> HF-> Indexer.
We do have certificates configured for Search heads, Indexers and Heavy Forwarders. We have also opened required receiving ports on both Indexer and HF.
On the other hand, we have around 200 UF's, can someone please tell me, if we need to generate 200 client certificates or we can use general certificate which we can deploy on all 200 UF's for establishing communication between UF and HF.
Thanks,
D Vijaya
Take a look at this excellent presentation from .conf15 which walks you through creating and applying certificates across all of your Splunk infrastructure:
Slide 18+ covers Forwarders.
https://conf.splunk.com/session/2015/conf2015_DWaddle_DefensePointSecurity_deploying_SplunkSSLBestPr...
You can create one certificate which all your UFs will use, you don't need 200 certs!
Thanks guys.. your response would help 🙂
Take a look at this excellent presentation from .conf15 which walks you through creating and applying certificates across all of your Splunk infrastructure:
Slide 18+ covers Forwarders.
https://conf.splunk.com/session/2015/conf2015_DWaddle_DefensePointSecurity_deploying_SplunkSSLBestPr...
You can create one certificate which all your UFs will use, you don't need 200 certs!
Hi,
You can use common certificate on all 200 UF which will connect with HF/IDX.