Security
Highlighted

Which default certificate should I use to certify my HTTP Event Collector

Engager

I am running some C# code that sends a POST request to my Splunk HTTP Event Collector at the following URL - https://localhost:8088/services/collector/raw to submit a log

I am getting the following error: Peer certificate cannot be authenticated with given CA certificates ( If I make the request in Postman my logs are submitted no problem )

I am thinking that I need to load my Splunk servers default certificate onto the machine I am making the request from. If this is correct I need to know which of the default certificates ( this is just for testing purposes ) I should be loading that would be specific to my HEC. And also if the correct certificates I'm looking for are located here C:\Program Files\Splunk\etc\auth

Highlighted

Re: Which default certificate should I use to certify my HTTP Event Collector

SplunkTrust
SplunkTrust

ca.pem is the splunk ca
server.pem is what will run by default on 8089

I believe it is also used for HEC by default.

Hope that helps!

You can check which cert is in use with openssl

 openssl s_client -connect yourhost:hecport 

Openssl can be found in splunkhome/bin

View solution in original post

0 Karma
Highlighted

Re: Which default certificate should I use to certify my HTTP Event Collector

Engager

Thank you for your answer. I verified that server.pem is in use using openssl. That should be what I need, thanks again

Highlighted

Re: Which default certificate should I use to certify my HTTP Event Collector

SplunkTrust
SplunkTrust

Cheers! It was my pleasure!

0 Karma