We have a requirement to configure Splunk with the CA-issued certificates.
We are running Splunk 8.2.2.1.
In the test environment – two standalone Splunk instances.
In other environments – cluster
3 node SH cluster + SH deployer
3 node indexer cluster + CM
License Master/Monitoring server
Deployment Server
Heavy forwarders
I tried to configure the standalone server's Splunk Web (8443) and splunkd (8089) using this new CA-issued cert.
But after I configured it for splunkd (8089), it breaks web and the command line, and when I run openssl from another server it shows connected but then hangs and does not show the certs.
I came across the following link, but it was for Splunk 6 and things have changed a lot since then.
https://community.splunk.com/t5/Security/Custom-Certificate-for-Port-8089/m-p/362377
We also want to configure the SH cluster to use the CA-issued cert for splunkd (8089).
But I could not find a doc for the SH cluster.

On the standalone Splunk instance:

cat /opt/splunk/etc/system/local/web.conf
[settings]
httpport = 8443
enableSplunkWebSSL = 1
sslVersions = tls1.2
sslPassword = $7$1_encrypted_password_lzShn0euEM5Yi9m6pUPS38TkYu1lDDsg=
serverCert = etc/auth/splunkweb/QA_Splunk_Concatenated.pem
privKeyPath = etc/auth/splunkweb/QA_Splunk_PrivateKey.key

cat /opt/splunk/etc/system/local/server.conf
[general]
serverName = xxx.test
pass4SymmKey = $7$k_encryted_key==
[sslConfig]
#serverCert = server.pem
sslPassword = $7$3_encryted_key==
sslVersions = tls1.2
enableSplunkdSSL = true
serverCert = /opt/splunk/etc/auth/splunkweb/QA_Splunk_Concatenated.pem
#requireClientCert = false

Is this correct?
Also, do I need to request a separate cert for each SH member? Will this impact other communication between the SH cluster and the indexer cluster, license master, monitoring console, SH deployer?
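
An added example, not part of the original post: a check of what a concatenated PEM file actually contains, relevant here because server.conf points serverCert at the same file web.conf uses, while web.conf takes the key separately through privKeyPath. It assumes the layout Splunk documents for splunkd's serverCert (server certificate, then private key, then CA chain); the function names and sample data are constructed for illustration, and only block labels are read, never key material.

```python
import re
import sys

# Matches the BEGIN line of any PEM block and captures its label.
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

def pem_labels(text):
    """Labels of the PEM blocks, in file order."""
    return PEM_BEGIN.findall(text)

def key_is_encrypted(text):
    """True for PKCS#8 encrypted keys and legacy 'Proc-Type: 4,ENCRYPTED' keys."""
    return "BEGIN ENCRYPTED PRIVATE KEY" in text or "Proc-Type: 4,ENCRYPTED" in text

def check_splunkd_bundle(text):
    """Return a list of layout problems; an empty list means none were found."""
    labels = pem_labels(text)
    if not labels:
        return ["no PEM blocks found"]
    problems = []
    if labels[0] != "CERTIFICATE":
        problems.append("first block is %s, expected the server certificate" % labels[0])
    keys = [i for i, label in enumerate(labels) if label.endswith("PRIVATE KEY")]
    if not keys:
        problems.append("no private key in the file")
    elif len(keys) > 1:
        problems.append("more than one private key in the file")
    elif keys[0] != 1:
        problems.append("private key is block %d, expected block 2" % (keys[0] + 1))
    if labels.count("CERTIFICATE") < 2:
        problems.append("no CA certificate besides the server certificate")
    return problems

def _block(label):
    # Constructed placeholder block: the body is not real key or certificate data.
    return "-----BEGIN %s-----\nQ09OU1RSVUNURUQ=\n-----END %s-----\n" % (label, label)

# Constructed samples: certificates only, and the assumed splunkd layout.
CERTS_ONLY = _block("CERTIFICATE") + _block("CERTIFICATE")
FULL_BUNDLE = (_block("CERTIFICATE") + _block("ENCRYPTED PRIVATE KEY")
               + _block("CERTIFICATE"))

if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the constructed samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            samples = {sys.argv[1]: handle.read()}
    else:
        samples = {"certs-only": CERTS_ONLY, "full": FULL_BUNDLE}
    for name, text in samples.items():
        print(name, check_splunkd_bundle(text) or "layout ok",
              "(encrypted key: sslPassword must match)" if key_is_encrypted(text) else "")
```

Run it with the path from serverCert in server.conf as the only argument; an encrypted key in the bundle means the sslPassword in [sslConfig] has to be that key's passphrase.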