Security

Setting up secure communication between DS and UF

bijenderkhosya
Engager

Hello,
We got a requirement to secure the communication between Deployment server and UF on port 8089. Can someone help me on below queries.

  • We are managing around 200 servers from a DS and requirement is to setup secure communication for couple of servers. Can we do this for some server ? if so how to setup this.
  • If we have to do this for all the servers being managed by a DS. can we use DS to push the certificates to UF and what are the configuration steps ?

Any help and reference document would be helpful.

Thanks,
Bijender

Labels (1)
0 Karma
1 Solution

PavelP
Motivator

Hello @bijenderkhosya

as @gcusello mentioned, SSL is already enabled, but default certificates are used, which means the connection is not "secure" and can be MitM-ed.

Please follow these steps: https://conf.splunk.com/session/2015/conf2015_DWaddle_DefensePointSecurity_deploying_SplunkSSLBestPr...

View solution in original post

PavelP
Motivator

Hello @bijenderkhosya

as @gcusello mentioned, SSL is already enabled, but default certificates are used, which means the connection is not "secure" and can be MitM-ed.

Please follow these steps: https://conf.splunk.com/session/2015/conf2015_DWaddle_DefensePointSecurity_deploying_SplunkSSLBestPr...

View solution in original post

bijenderkhosya
Engager

Thanks @PavelP, Can we use custom and default ssl certificates simultaneously on one DS ? Lets say 5 UF using custom ssl and other using default and all are being managed by single DS.

0 Karma

PavelP
Motivator

@bijenderkhosya I think this will work if the cert verification is disabled. I think you cannot enable cert verification selectively.

The setup described in the pdf doesn't use mutual authenticated TLS, only DS' certificate is verified, the UF's certificate is not verified.

0 Karma

gcusello
Legend

Hi @bijenderkhosya,
SSL is enabled by default in the communications between Deployment Server and deployment clients, as you can see at https://docs.splunk.com/Documentation/Splunk/8.0.4/Updating/Planadeployment#SSL_encryption

Ciao.
Giuseppe

Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!