Security

SSL Certs and verification

edwardrose
Contributor

Hello All

I have the following configuration that I would like to see work if possible. A server in the DMZ setup as an intermediary to capture logs from devices in AWS being transported over the internet. Could one possibly have the following setup:

AWS universal forwarder 3rd party cert
server.conf:

[sslConfig]
sslRootCAPath = $SPLUNK_HOME/etc/auth/3rdpartycert/cacert.pem

outputs.conf

[tcpout]

[tcpout:dmz_fwd]
server = dmz-fwder.example.org:9997
disable = 0
clientCert = $SPLUNK_HOME/etc/auth/3rdpartycert/client.pem
useClientSSLCompression = true
sslPassword = <blah>
sslCommonNameToCheck = dmz-fwder.example.org
sslVerifyServerCert = true 

DMZ Host 3rd party Cert and Splunk Cert
inputs.conf:

[splunktcp-ssl:9997]
disabled = 0

[SSL]
serverCert = $SPLUNK_HOME/etc/auth/3rdpartycert/server.pem
sslPassword = password
requireClientCert = True

server.conf

[sslConfig]
sslRootCAPath = /opt/splunk/etc/auth/3rdpartycert/cacert.pem

Then the DMZ host would use the default certs and default SSL configuration to send the data into a secure network on our intranet. I am not sure it will work as due to the fact the server.conf on the DMZ host will have a conflict between the 3rd party cert and the Splunk out of the box cert.

server.conf required for default certs

[sslConfig]
sslRootCAPath = /opt/splunk/etc/auth/cacert.pem

Thoughts?

Thanks in advance

0 Karma

vishaltaneja070
Motivator

@edwardrose,

I dont think it will be problem. If you are sending data outside Splunk then the configuration will be there in outputs.conf and we are not specifying any ssl use there.

0 Karma
Get Updates on the Splunk Community!

.conf23 Registration is Now Open!

Time to toss the .conf-etti &#x1f389; —  .conf23 registration is open!   Join us in Las Vegas July 17-20 for ...

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Attention everyone! We have exciting news to share! We are recruiting new members for the Mission Possible: ...

Unify Your SecOps with Splunk Mission Control

In today’s post, I'm excited to share some recent Splunk Mission Control innovations. With Splunk Mission ...