Splunk Enterprise Security

How to point a non-SSL indexer cluster to a SSL enabled license master?

ptcrusher
Explorer

We're working on the setup of a new Splunk installation.
As an intermediate step during the migration work we would like to point the old Indexer Cluster to the new License Master.

The problem we're facing is that, in the old installation we're not using SSL for port 8089 communications and in the new installation we are.
To sum up, SSL is not configured in the client (the old Indexer Cluster) but is enabled in new License Master.

After setting the master_uri in [license] stanza to https://newlm.com:8089 (in /opt/splunk/etc/system/local/server.conf) the following messages started to popup:

Failed to contact license master: reason='Unable to connect to license master=https://newlm.com:8089 Error connecting: SSL not configured on client

As a side note openssl output looks clean:

>openssl s_client -connect newlm.com:8089 -CAfile /opt/splunk/etc/auth/cacert.pem Verify return code: 0 (ok)

Anyway to set up this mixed environment?
Could we possibly use SSL just for the communication with the License Master?
Could these calls be "proxied" by a License Slave?
What is the minimum setup to support this kind of communication? It would be the bummer if we have to set up the entire old installation for SSL just to contact the License Master!

Thanks in advance.

Labels (3)
0 Karma
Get Updates on the Splunk Community!

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...