Are .p12 and .pfx files required to use Splunk after initial install?
No third party certs.
The servers are Windows 2016 servers; the forwarders are v9.0.2.
The files are $SPLUNK_HOME\etc\auth\server.pem.pfx
I tried having the admin read the info off the files using "certutil -dump" and "openssl pkcs12", but they are asking for a password.
Finally, the admin renamed the file and restarted the splunkforwarder service; seems to run fine without them.
Hi @cjpote ,
good for you, see next time!
Please accept one answer for the other people of Community
Ciao and happy splunking
Giuseppe
P.S.: Karma Points are appreciated 😉
Mine are Windows 2016 servers; the forwarders are v9.0.2.
Is this part of some new security feature? I can't find anything about them in the documentation.
Hi @cjpote,
as i said I haven't them in my windows installation.
Are you using a third party certificate or the one created by Splunk?
Anyway, as you can read at https://en.wikipedia.org/wiki/PKCS_12, they are certificates created by OnpenSSL.
So I'd leave them in the auth folder.
You can also eventually move them in another folder and restarting you can see what happens.
Ciao.
Giuseppe
@gcusellooperating system is windows and the files are located in the auth file of the Splunk forwarder.
Hi @kymenope,
i haven't these files in my installation on Windows (test installation!), but why do you want to delete them?
If they aren't so large what problem do they give to you?
Ciao.
Giuseppe
Hi @kymenope,
Please some additional information:
Ciao.
Giuseppe