Getting Data In

Working on Securing Data with SSL between Heavy Forwarder and Universal Forwarder using default certificates

YusufK
Loves-to-Learn Lots

Hi, I am having trouble attempting to get a deployment server and a deployment client to communicate and then access data through the Splunk search using SSL with Splunk default certificates. What steps would I have to go through to achieve this? So I am trying to get my deployment server A with default certs cacert.pem and server.pem in /etc/auth to communicate with Server B which also has the same default certs in /etc/auth. 

I have defined the Deployment Server server.conf and inputs.conf as shown:

 

[sslConfig]

enableSplunkdSSL = false
useClientSSLCompression = true
serverCert = /xxxxx/splunk/etc/auth/server.pem
sslPassword = password
sslRootCAPath = /xxxx/splunk/etc/auth/cacert.pem
certCreateScript = genMyServerCert.sh

 

inputs.conf

 

[SSL]
serverCert = /xxxx/splunk/etc/auth/server.pem
password = password
rootCA = /xxxx/splunk/etc/auth/cacert.pem
requireClientCert = false
sslVersions = tls,-ssl3

 

On my  Server B or Deployment Client, my server.conf is defined as

[sslConfig]

enableSplunkdSSL = true
[default]
useClientSSLCompression = true
serverCert = /xxxx/splunkforwarder/etc/auth/server.pem
sslPassword = password
sslRootCAPath = /xxxx/splunkforwarder/etc/auth/cacert.pem
certCreateScript = genMyServerCert.sh

What .conf files do I need to edit and what stanzas will I need to define on the Deployment Client(server B) for them to communicate and eventually I can search Server B on my search head? Sorry if this is unclear but I will be answering any questions on what I am asking.

Thank you.

Labels (1)
0 Karma

inventsekar
Super Champion

Hi @YusufK the question heading says about heavy forwarder.. do you want SSL between

UF--->HF--->indexer 

OR

Deployment Server <---> UF

(for this, hope you referred the documentation https://docs.splunk.com/Documentation/Splunk/8.0.6/Security/Securingyourdeploymentserverandclients )

0 Karma

YusufK
Loves-to-Learn Lots

Hi I am looking for 

 

Deployment Server <---> UF

 

For example, Server A is my Deployment Server AND Heavy Forwarder. Server B is my Deployment Client. I would like them to communicate with the default cert, and I would like searchable results in the search bar for Server B.

 

Thank you.

0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!