Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk SSL Question

chadwagonerKGI
Engager
‎03-24-2016 07:04 AM

So I have a Splunk environment signed by a 3rd party CA. However, the forwarders are using self-signed certificates because it's in a testing environment. WHen I try to send data from forwarder to indexer, I'm getting errors saying it can't verify certificate. I'm guessing it's because it is signed by a different root CA and the 3rd party won't accept it.

Is there any way to add the self signed root CA to a trust store or anything? Or do they have to be all signed by the same 3rd party CA?

0 Karma
Reply

davidpaper
Contributor
‎03-26-2016 08:08 PM

Splunk doesn't use a trust store (java style), but you can instruct Splunk where to find a rootCA from a 3rd party.

outputs.conf:
sslRootCAPath =

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...