SSL Certs and verification

edwardrose
Contributor

Hello All

I have the following configuration that I would like to see work, if possible: a server in the DMZ set up as an intermediary to capture logs from devices in AWS being transported over the internet. Could one possibly have the following setup:

AWS universal forwarder 3rd party cert
server.conf:

[sslConfig]
sslRootCAPath = $SPLUNK_HOME/etc/auth/3rdpartycert/cacert.pem

outputs.conf

[tcpout]

[tcpout:dmz_fwd]
server = dmz-fwder.example.org:9997
disable = 0
clientCert = $SPLUNK_HOME/etc/auth/3rdpartycert/client.pem
useClientSSLCompression = true
sslPassword = <blah>
sslCommonNameToCheck = dmz-fwder.example.org
sslVerifyServerCert = true 

DMZ Host 3rd party Cert and Splunk Cert
inputs.conf:

[splunktcp-ssl:9997]
disabled = 0

[SSL]
serverCert = $SPLUNK_HOME/etc/auth/3rdpartycert/server.pem
sslPassword = password
requireClientCert = True

server.conf

[sslConfig]
sslRootCAPath = /opt/splunk/etc/auth/3rdpartycert/cacert.pem

Then the DMZ host would use the default certs and default SSL configuration to send the data into a secure network on our intranet. I am not sure it will work, due to the fact that the server.conf on the DMZ host will have a conflict between the 3rd party cert and the Splunk out-of-the-box cert.

server.conf required for default certs

[sslConfig]
sslRootCAPath = /opt/splunk/etc/auth/cacert.pem

Thoughts?

Thanks in advance

0 Karma

vishaltaneja070
Motivator

@edwardrose,

I don't think it will be a problem. If you are sending data outside Splunk, then the configuration will be there in outputs.conf, and we are not specifying any SSL use there.

0 Karma
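
The situation raised in the question, where the DMZ host's server.conf would carry two different sslRootCAPath values under [sslConfig], can be detected mechanically before a configuration is deployed. The following is an added example, not part of the original thread and not Splunk tooling; the function names and fragment labels are hypothetical, and the sample input is constructed from the settings quoted in the question.

```python
from collections import defaultdict

# Constructed sample input: the two DMZ-host server.conf fragments from the question.
THIRD_PARTY = """\
[sslConfig]
sslRootCAPath = /opt/splunk/etc/auth/3rdpartycert/cacert.pem
"""
DEFAULT_CERTS = """\
[sslConfig]
sslRootCAPath = /opt/splunk/etc/auth/cacert.pem
"""

def parse_conf(text):
    """Parse .conf-style text into {stanza: {key: value}}."""
    # Keys that appear before any [stanza] header are filed under "(global)",
    # a label chosen for this example.
    stanzas, current = defaultdict(dict), "(global)"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif "=" in line:
            key, _, value = line.partition("=")
            stanzas[current][key.strip()] = value.strip()
    return dict(stanzas)

def find_conflicts(fragments):
    """fragments: {label: conf text}. Return {(stanza, key): {label: value}}
    for every setting that is given different values in different fragments."""
    seen = defaultdict(dict)
    for label, text in fragments.items():
        for stanza, settings in parse_conf(text).items():
            for key, value in settings.items():
                seen[(stanza, key)][label] = value
    return {k: v for k, v in seen.items() if len(set(v.values())) > 1}

if __name__ == "__main__":
    found = find_conflicts({"3rd party": THIRD_PARTY, "default certs": DEFAULT_CERTS})
    for (stanza, key), values in found.items():
        print(f"[{stanza}] {key} has more than one value:")
        for label, value in values.items():
            print(f"  {label}: {value}")
```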