Getting Data In

How to establish secure connection between Universal Forwarders and Heavy Forwarders in a distributed environment?

Explorer

Hi,

Good day!

We have distributed Splunk Enterprise setup, we are trying to establish secure SSL communication between UF-> HF-> Indexer.
We do have certificates configured for Search heads, Indexers and Heavy Forwarders. We have also opened required receiving ports on both Indexer and HF.
On the other hand, we have around 200 UF's, can someone please tell me, if we need to generate 200 client certificates or we can use general certificate which we can deploy on all 200 UF's for establishing communication between UF and HF.

Thanks,
D Vijaya

0 Karma
1 Solution

Ultra Champion

Take a look at this excellent presentation from .conf15 which walks you through creating and applying certificates across all of your Splunk infrastructure:

Slide 18+ covers Forwarders.
https://conf.splunk.com/session/2015/conf2015_DWaddle_DefensePointSecurity_deploying_SplunkSSLBestPr...

You can create one certificate which all your UFs will use, you don't need 200 certs!

View solution in original post

0 Karma

Explorer

Thanks guys.. your response would help 🙂

0 Karma

Ultra Champion

Take a look at this excellent presentation from .conf15 which walks you through creating and applying certificates across all of your Splunk infrastructure:

Slide 18+ covers Forwarders.
https://conf.splunk.com/session/2015/conf2015_DWaddle_DefensePointSecurity_deploying_SplunkSSLBestPr...

You can create one certificate which all your UFs will use, you don't need 200 certs!

View solution in original post

0 Karma

SplunkTrust
SplunkTrust

Hi,

You can use common certificate on all 200 UF which will connect with HF/IDX.

0 Karma