Security

How to deploy self-signed certs to deployment clients using the deployment server

Builder

How do I push my self-signed certs to universal forwarders using the deployment server. The docs say:

Define the following stanzas in $SPLUNK_HOME/etc/system/local/outputs.conf (or in the appropriate directory of any app you are using to distribute your forwarding configuration) :

Do I need to push a script that moves the certs to a local folder? Can I just distribute an app with outputs.conf that point to $SPLUNKHOME/etc/apps/myssl_app/auth/ for the certificates?

0 Karma
1 Solution

Communicator

Totally doable from a deployment app, and you are able to set the path to the cert files in that deployment app as well, so you won't have to move the certs anywhere (via updated server.conf). I have done this at a few customer sites and it works well.

One thing to keep in mind is to ensure that the "sslVerifyServerCert" in deploymentclient.conf is set to false so that new UF's coming online can still contact the DS and get their new certs/apps. Another parameter to keep in mind is "requireClientCert" in server.conf. Default is set to false, but if set to true brand new UF's would need the certs and server.conf before hand in order to work.

You can always hit me up on email if you need more info, but totally doable.

View solution in original post

Communicator

Totally doable from a deployment app, and you are able to set the path to the cert files in that deployment app as well, so you won't have to move the certs anywhere (via updated server.conf). I have done this at a few customer sites and it works well.

One thing to keep in mind is to ensure that the "sslVerifyServerCert" in deploymentclient.conf is set to false so that new UF's coming online can still contact the DS and get their new certs/apps. Another parameter to keep in mind is "requireClientCert" in server.conf. Default is set to false, but if set to true brand new UF's would need the certs and server.conf before hand in order to work.

You can always hit me up on email if you need more info, but totally doable.

View solution in original post

Explorer

Jonathan - if you have a few moments I'd like the specifics and how-tos for this - facing similar problem with 5000+ UFs.

0 Karma

Builder

Ok this makes a lot more sense. I'll work this out and let you know if I run into any issues.

0 Karma

Legend

If you push the certs via a deployment app, then you must have a script that moves the certs to the appropriate directory. I think this is sort of kludgy but I think it can be done. I personally have never done this.

Remember that scripted inputs are inputs, but there is really no restriction on what the scripts can do. So you will have to create an input to invoke the script. And the script will have to be smart enough to only copy the certs once - and to trigger a restart afterwards.

I do not believe that you can leave the certs in the app directory.

0 Karma

Builder

Thanks for the reply. I was afraid this was the case.

0 Karma