
Setting up secure communication between DS and UF

bijenderkhosya
Engager

Hello,
We got a requirement to secure the communication between the Deployment Server and UF on port 8089. Can someone help me with the queries below?

  • We are managing around 200 servers from a DS, and the requirement is to set up secure communication for a couple of servers. Can we do this for some servers? If so, how do we set this up?
  • If we have to do this for all the servers being managed by a DS, can we use the DS to push the certificates to the UFs, and what are the configuration steps?

Any help and reference document would be helpful.

Thanks,
Bijender


PavelP
Motivator

Hello @bijenderkhosya

As @gcusello mentioned, SSL is already enabled, but default certificates are used, which means the connection is not "secure" and can be MitM-ed.

Please follow these steps: https://conf.splunk.com/session/2015/conf2015_DWaddle_DefensePointSecurity_deploying_SplunkSSLBestPr...

bijenderkhosya
Engager

Thanks @PavelP. Can we use custom and default SSL certificates simultaneously on one DS? Let's say 5 UFs use custom SSL and the others use the default, and all are managed by a single DS.


PavelP
Motivator

@bijenderkhosya I think this will work if the cert verification is disabled. I think you cannot enable cert verification selectively.

The setup described in the PDF doesn't use mutually authenticated TLS; only the DS's certificate is verified, the UF's certificate is not verified.

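Added example, not part of any post in this thread: a small audit of a forwarder's `server.conf` that reports whether the deployment server's certificate is actually verified, which is the condition the reply above hinges on. The setting names (`sslVerifyServerCert`, `sslRootCAPath`, `sslCommonNameToCheck`, `sslAltNameToCheck`, `serverCert`) are from Splunk's `server.conf` `[sslConfig]` stanza; the finding labels, the sample configs and the host name are constructed for illustration.

```python
import configparser

# Constructed sample server.conf contents for two forwarders (not from the thread).
UF_DEFAULT = """
[sslConfig]
serverCert = $SPLUNK_HOME/etc/auth/server.pem
"""

UF_HARDENED = """
[sslConfig]
sslRootCAPath = $SPLUNK_HOME/etc/auth/mycerts/ca.pem
sslVerifyServerCert = true
sslCommonNameToCheck = ds.example.internal
"""

# Paths of the certificates shipped with a default install.
DEFAULT_CERTS = ("etc/auth/server.pem", "etc/auth/cacert.pem")
# Values this example treats as "enabled" (assumption of the example).
TRUE_VALUES = {"1", "true"}


def audit_uf_ssl(conf_text):
    """Return a list of findings for the [sslConfig] stanza of a UF server.conf."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep setting names exactly as written
    cp.read_string(conf_text)
    ssl = dict(cp["sslConfig"]) if cp.has_section("sslConfig") else {}
    findings = []
    # sslVerifyServerCert defaults to false: the DS certificate is not checked,
    # so any TLS endpoint on 8089 is accepted (the MitM case from the thread).
    if ssl.get("sslVerifyServerCert", "false").strip().lower() not in TRUE_VALUES:
        findings.append("no-server-verification")
    elif not (ssl.get("sslCommonNameToCheck") or ssl.get("sslAltNameToCheck")):
        # Chain is verified, but any certificate from the trusted CA would pass.
        findings.append("no-name-check")
    # Trusting or presenting a certificate that ships with every install proves nothing.
    for key in ("sslRootCAPath", "serverCert"):
        if ssl.get(key, "").strip().endswith(DEFAULT_CERTS):
            findings.append("default-cert:" + key)
    return findings


if __name__ == "__main__":
    for name, text in (("default", UF_DEFAULT), ("hardened", UF_HARDENED)):
        print(name, audit_uf_ssl(text))
```

A forwarder left on defaults reports both findings, so it would accept a deployment server regardless of which certificate that server presents.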

gcusello
SplunkTrust

Hi @bijenderkhosya,
SSL is enabled by default in the communications between Deployment Server and deployment clients, as you can see at https://docs.splunk.com/Documentation/Splunk/8.0.4/Updating/Planadeployment#SSL_encryption

Ciao.
Giuseppe
