I found how-to links for generating CSR's for Inter-Splunk communication and for the Splunk Web site to be able to use 3rd party generated certs.
However, the processes are almost identical, so I'm wondering if I need to do this process twice so that each use case get their own cert. Or if I only have to do it once and use the single resulting Cert for both use cases since technically the common name would be the same for both?
I couldn't find anything in the documentation that stated this either way.
https://docs.splunk.com/Documentation/Splunk/8.2.5/Security/Howtogetthird-partycertificates
https://docs.splunk.com/Documentation/Splunk/8.2.5/Security/Getthird-partycertificatesforSplunkWeb
It's more of an organizational issue than a technical one.
You have separate settings for web interface, for the core splunkd functionality (like internode communication), you can use separate certs and ssl settings for each input and output. Sometimes modular inputs let you use their own ssl settings.
It's up to you whether you use that and configure multiple certs or just stay with the default settings (and even default cert but that's highly unadvisable).
I can think of different scenarios when you could need to use separate certs (for example - you want to use your internal CA to isssue certs for internal splunk infrastructure communication but want to serve the web iterface to users with a certificate issued by well known CA trusted by default by any modern browser). But you might also want to use certs issued by your internal CA for everything and in this case you most probably would use the same certificate for all purposes.
There are different needs and different possibilities 🙂