
Simple forwarder encryption

Engager

Is it possible to configure a universal forwarder to encrypt WITHOUT requiring mutual auth? Like how most browsers work with HTTPS sites? Don't need to authenticate the client, just prevent eavesdropping.


Re: Simple forwarder encryption

SplunkTrust

Re: Simple forwarder encryption

Engager

This does not answer my question. Question was answered via IRC by bosburn. The answer is that Splunk does not support this simple mode of encryption. I propose that this feature be added. Something like UseSSL = 1 instead of having to drop a client cert and configure a password on all end-points.


Re: Simple forwarder encryption

SplunkTrust

Yes and no. Total agreement that useSSL=1 would be ideal. When a forwarder is set up to use SSL, providing a certificate to authenticate with is the only way to enable SSL. BUT, the indexer-side's inputs.conf decides whether a client certificate is actually needed to authenticate or not. I would like to see the forwarder side decouple "I would like to use SSL" from "Here is my client certificate"...

Also Brian rocks.
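The split described in the reply above, as an added configuration example that is not part of the thread and not taken from Splunk's own files: the indexer's inputs.conf decides whether a client certificate is demanded, while the forwarder's outputs.conf still has to name a certificate to turn SSL on. Setting names are those of older inputs.conf/outputs.conf specs and may be renamed in your release; the host name, port, output group name, paths and passwords are placeholders.

```ini
# ---- Indexer: $SPLUNK_HOME/etc/system/local/inputs.conf ----
# Listen for forwarder traffic over SSL (port is a placeholder).
[splunktcp-ssl:9997]
disabled = 0

[SSL]
# Certificate the indexer presents to forwarders (placeholder path).
serverCert = /opt/splunk/etc/auth/<indexer-cert>.pem
sslPassword = <indexer-key-password>
# The indexer-side switch: false means forwarders are not asked to
# authenticate with a client certificate, so the link is encrypted
# but the indexer accepts any sender that can reach the port.
requireClientCert = false

# ---- Forwarder: $SPLUNK_HOME/etc/system/local/outputs.conf ----
[tcpout:ssl_indexers]
server = <indexer-host>:9997
# Naming a certificate is what enables SSL on the forwarder, even
# when the indexer above never checks it (placeholder path).
sslCertPath = /opt/splunkforwarder/etc/auth/<forwarder-cert>.pem
sslPassword = <forwarder-key-password>
# Browser-like behaviour: have the forwarder validate the indexer's
# certificate. This needs the signing CA configured on the forwarder;
# where that CA path is set depends on the Splunk version.
sslVerifyServerCert = true
```

Without server certificate verification on the forwarder, the channel resists passive eavesdropping only, since the forwarder cannot tell the real indexer from an impostor.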


Re: Simple forwarder encryption

Communicator

Plus 1 on useSSL=1. Managing certs in a large forwarder environment is not much fun.
