We are working with mutiple platforms that will send log data to heavy forwarders. We want to encrypt and if possible also authenticate the connetions. For one platform we have our own CA for the server certificates, the authenticated connections work, for the second platform we want to use the splunk certificates. I didn't see how we can configure the heavy forwarder with two different CAs. Is this even possible? How would I build this?
Bump. The problem here is that even though you can define several
[splunktcp-ssl] stanzas, you can only define one
[SSL] stanza, apparently. I also want to define two
[SSL] stanzas, for two different server certificates. Also, one of them would require client certificate, and the other would not. Is this possible?
EDIT: Got an answer to my own question here https://answers.splunk.com/answers/549719/two-ssl-certificates-on-a-single-indexer-forwarder.html