Security

Including SSL Certificates in a Splunk App

adrianathome
Communicator

I tried to include my own certificates to encrypt forwarder to indexer communications via an app. However, the forwarder was not able to read the cert from $SPLUNK_HOME/etc/apps/myapp/local. The forwarder would only use the certs if located under $SPLUNK_HOME/etc/certs.

Are SSL certificates one of those items that cannot be bundled in a Splunk app?

Tags (1)
1 Solution

gkanapathy
Splunk Employee
Splunk Employee

you are correct. those items can not be in Splunk apps, and must be distributed to $SPLUNK/etc/auth. If you are using deployment server to distribute apps, you must use some other way to distribute the certificates.

View solution in original post

joshuariley
New Member

We have our certs deployed via an app. In our ouputs, we just point to the app path as the cert path and it works fine. Alternatively, you can deploy and script with the cert and move the cert from the app into $SPLUNK_HOME/etc/auth using the script.

0 Karma

triest
Communicator

I can verify I have seen other customers push certs via APPS and then just update the path in a .conf file in that app. You can even reference the certs with ./

I know a place that has been doing this since the 5.x days

0 Karma

jcspigler2010
Path Finder

I know this is an older post so I understand if my question gets batted to the side. But is there a technical reason as to why you can't have certificates located in an app directory? It just seems like a way more intuitive way to deploy SSL related configurations as opposed to using something like ansible or GPOs.

Thanks!

gkanapathy
Splunk Employee
Splunk Employee

you are correct. those items can not be in Splunk apps, and must be distributed to $SPLUNK/etc/auth. If you are using deployment server to distribute apps, you must use some other way to distribute the certificates.

View solution in original post

adrianathome
Communicator

Thanks for confirming my suspicion.

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!