Security

Configuring Splunk SSL for forwarder/indexer communication

liquidclay23
Explorer

Hey Splunkers,

This maybe less of a question and more of a comment. The "Configure Splunk forwarding to use signed certificates" documentation states you should configure:

sslPassword = The password for the CAcert

Obviously your not going to put the CA's secret password on a forwarder. I assume the intention is to say you would put the forwarder's certificate password here as entered by the CA when creating the cert. I believe this is poor verbiage.

In a related note - should you set a challenge password for this cert?

https://docs.splunk.com/Documentation/Splunk/7.2.5/Security/ConfigureSplunkforwardingtousesignedcert...

somesoni2
Revered Legend

Every Splunk documentation page has a comment section at the bottom where you can give your feedback/questions/concerns about the page's content. That comment goes to the Splunk Documentation management team directly, so I would suggest you post your feedback there (as well).

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...