Our Splunk rep walked us through setting up SSL for our Splunk servers' communication with each other and for our Universal Forwarders to connect to our Indexer. However, we still get the warning: "X509 certificate (O=SplunkUser,CN=SplunkServerDefaultCert) should not be used, as it is issued by Splunk's own default Certificate Authority (CA)".
In addition, Nessus scans find the default Splunk certificate on all of the systems with Universal Forwarders.
We have SSL certificates created by our government agency's CA.
I have verified that our indexer's server.conf is pointing sslRootCAPath to our CA's pem.
I have verified that our indexer's inputs.conf is pointing serverCert at our server's pem.
I have verified that our universal forwarders' outputs.conf have clientCert pointing at our server's pem, which is located on each system in C:\Program Files\SplunkUniversalForwarder\etc\auth.
I have verified that our universal forwarders' outputs.conf have sslRootCAPath pointing at our CA's pem, which is located on each system in C:\Program Files\SplunkUniversalForwarder\etc\auth.
Why do we still get this warning? Are we missing a setting somewhere?