Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Disable TLS certificate for inter-Splunk communication in Splunk enterprise

Eshwar
Engager
‎02-04-2024 10:58 PM

Hi Splunk experts,

We have Splunk enterprise which is running on Linux. Is there any option that we can disable or skip secure inter-splunk communication for REST APIs?

Please suggest me

Thank you in advance.

Regards,

Eshwar

 

Labels (2)
0 Karma
Reply

batabay
Path Finder
‎02-04-2024 11:59 PM

Hi,

According to the documentation, you can do this, but it is strongly discouraged. In the correct scenario, it would be more sensible to use a signed certificate or perform SSL forwarding on a load balancer. I recommend against testing this in a production environment.

 

in $SPLUNK_HOME/etc/system/local/server.conf
[sslConfig]
enableSplunkdSSL = false

 

[sslConfig]
* Set SSL for communications on Splunk back-end under this stanza name.
  * NOTE: To set SSL (for example HTTPS) for Splunk Web and the browser,
   use the web.conf file.
* Follow this stanza name with any number of the following setting/value
  pairs.
* If you do not specify an entry for each setting, the default value
  is used.

enableSplunkdSSL = <boolean>
* Enables/disables SSL on the splunkd management port (8089) and KV store
  port (8191).
* NOTE: Running splunkd without SSL is not recommended.
* Distributed search often performs better with SSL enabled.
* Default: true
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎02-05-2024 07:25 AM

Hi

as already said by @batabay don't disable it. Even you are using Splunk's internal certs it's better than without it.

If you have issue to use that e.g. with cURL or other tools you could accept those cert within those command. Like "curl -k". Or other option (better) is just replace those Splunk's internal certs with official certs.

See https://docs.splunk.com/Documentation/Splunk/latest/Security/AboutsecuringyourSplunkconfigurationwit... and https://conf.splunk.com/files/2023/slides/SEC1936B.pdf

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...