Security

Disable SSL Communication

Explorer

I was wondering the best way to disable SSL communications between my forwarder and Splunk instance. My certificates have expired and I want my logs to get to Splunk. I know can reissue certificates, but I determined that this is no longer necessary. So what do I need to do to just disable this?

Do I need to change a setting in outputs.conf on the forwarder?

Thanks in advance!

1 Solution

SplunkTrust
SplunkTrust

Hi cuppma,

basically you do the reverse version of the docs about Configure Splunk forwarding to use the default certificate. First make sure your indexer is receiving on a non-SSL Port, next you remove the SSL settings from your UF outputs.conf to something like this:

[tcpout:group1]
server=some IP:some Port

Hope this helps to get you started ...

cheers, MuS

View solution in original post

0 Karma

SplunkTrust
SplunkTrust

Hi cuppma,

basically you do the reverse version of the docs about Configure Splunk forwarding to use the default certificate. First make sure your indexer is receiving on a non-SSL Port, next you remove the SSL settings from your UF outputs.conf to something like this:

[tcpout:group1]
server=some IP:some Port

Hope this helps to get you started ...

cheers, MuS

View solution in original post

0 Karma