Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Which default certificate should I use to certify my HTTP Event Collector

llovell
Engager
‎08-01-2019 10:56 AM

I am running some C# code that sends a POST request to my Splunk HTTP Event Collector at the following URL - https://localhost:8088/services/collector/raw to submit a log

I am getting the following error: Peer certificate cannot be authenticated with given CA certificates ( If I make the request in Postman my logs are submitted no problem )

I am thinking that I need to load my Splunk servers default certificate onto the machine I am making the request from. If this is correct I need to know which of the default certificates ( this is just for testing purposes ) I should be loading that would be specific to my HEC. And also if the correct certificates I'm looking for are located here C:\Program Files\Splunk\etc\auth

Reply
1 Solution
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎08-01-2019 12:44 PM

ca.pem is the splunk ca
server.pem is what will run by default on 8089

I believe it is also used for HEC by default.

Hope that helps!

You can check which cert is in use with openssl

 openssl s_client -connect yourhost:hecport

Openssl can be found in splunkhome/bin

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎08-01-2019 12:44 PM

ca.pem is the splunk ca
server.pem is what will run by default on 8089

I believe it is also used for HEC by default.

Hope that helps!

You can check which cert is in use with openssl

 openssl s_client -connect yourhost:hecport

Openssl can be found in splunkhome/bin

0 Karma
Reply
Solved! Jump to solution

llovell
Engager
‎08-01-2019 01:38 PM

Thank you for your answer. I verified that server.pem is in use using openssl. That should be what I need, thanks again

Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎08-01-2019 02:15 PM

Cheers! It was my pleasure!

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Why did the turkey cross the road?

November 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...