Solved: Disable SSL Communication

cuppma · ‎04-23-2014

I was wondering the best way to disable SSL communications between my forwarder and Splunk instance. My certificates have expired and I want my logs to get to Splunk. I know can reissue certificates, but I determined that this is no longer necessary. So what do I need to do to just disable this?

Do I need to change a setting in outputs.conf on the forwarder?

Thanks in advance!

MuS · ‎04-24-2014

Hi cuppma,

basically you do the reverse version of the docs about Configure Splunk forwarding to use the default certificate. First make sure your indexer is receiving on a non-SSL Port, next you remove the SSL settings from your UF outputs.conf to something like this:

[tcpout:group1]
server=some IP:some Port

Hope this helps to get you started ...

cheers, MuS

View solution in original post

MuS · ‎04-24-2014

Hi cuppma,

basically you do the reverse version of the docs about Configure Splunk forwarding to use the default certificate. First make sure your indexer is receiving on a non-SSL Port, next you remove the SSL settings from your UF outputs.conf to something like this:

[tcpout:group1]
server=some IP:some Port

Hope this helps to get you started ...

cheers, MuS

Disable SSL Communication

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

Everything Community at .conf24!

Index This | I’m short for "configuration file.” What am I?