Security
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Do I need separate certs for inter-splunk communication and the Web Admin Page?

durzoblint
New Member
‎03-30-2022 11:43 AM

I found how-to links for generating CSR's for Inter-Splunk communication and for the Splunk Web site to be able to use 3rd party generated certs.  

However, the processes are almost identical, so I'm wondering if I need to do this process twice so that each use case get their own cert.  Or if I only have to do it once and use the single resulting Cert for both use cases since technically the common name would be the same for both?

I couldn't find anything in the documentation that stated this either way.

https://docs.splunk.com/Documentation/Splunk/8.2.5/Security/Howtogetthird-partycertificates

https://docs.splunk.com/Documentation/Splunk/8.2.5/Security/Getthird-partycertificatesforSplunkWeb

 

Labels (1)
Labels
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎03-30-2022 11:51 AM

It's more of an organizational issue than a technical one.

You have separate settings for web interface, for the core splunkd functionality (like internode communication), you can use separate certs and ssl settings for each input and output. Sometimes modular inputs let you use their own ssl settings.

It's up to you whether you use that and configure multiple certs or just stay with the default settings (and even default cert but that's highly unadvisable).

I can think of different scenarios when you could need to use separate certs (for example - you want to use your internal CA to isssue certs for internal splunk infrastructure communication but want to serve the web iterface to users with a certificate issued by well known CA trusted by default by any modern browser). But you might also want to use certs issued by your internal CA for everything and in this case you most probably would use the same certificate for all purposes.

There are different needs and different possibilities 🙂

0 Karma
Reply
Get Updates on the Splunk Community!

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...
Top