Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Disable TLS certificate for inter-Splunk communication in Splunk enterprise

Eshwar
Engager
‎02-04-2024 10:58 PM

Hi Splunk experts,

We have Splunk enterprise which is running on Linux. Is there any option that we can disable or skip secure inter-splunk communication for REST APIs?

Please suggest me

Thank you in advance.

Regards,

Eshwar

 

Labels (2)
0 Karma
Reply

batabay
Path Finder
‎02-04-2024 11:59 PM

Hi,

According to the documentation, you can do this, but it is strongly discouraged. In the correct scenario, it would be more sensible to use a signed certificate or perform SSL forwarding on a load balancer. I recommend against testing this in a production environment.

 

in $SPLUNK_HOME/etc/system/local/server.conf
[sslConfig]
enableSplunkdSSL = false

 

[sslConfig]
* Set SSL for communications on Splunk back-end under this stanza name.
  * NOTE: To set SSL (for example HTTPS) for Splunk Web and the browser,
   use the web.conf file.
* Follow this stanza name with any number of the following setting/value
  pairs.
* If you do not specify an entry for each setting, the default value
  is used.

enableSplunkdSSL = <boolean>
* Enables/disables SSL on the splunkd management port (8089) and KV store
  port (8191).
* NOTE: Running splunkd without SSL is not recommended.
* Distributed search often performs better with SSL enabled.
* Default: true
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎02-05-2024 07:25 AM

Hi

as already said by @batabay don't disable it. Even you are using Splunk's internal certs it's better than without it.

If you have issue to use that e.g. with cURL or other tools you could accept those cert within those command. Like "curl -k". Or other option (better) is just replace those Splunk's internal certs with official certs.

See https://docs.splunk.com/Documentation/Splunk/latest/Security/AboutsecuringyourSplunkconfigurationwit... and https://conf.splunk.com/files/2023/slides/SEC1936B.pdf

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...