Hello,
I am using the following documents for configuring an Indexer and Forwarder to utilize a 3rd party certificate for communication
Use SSL to encrypt and authenticate data from forwarders
Configuring Splunk forwarding to use SSL certificates signed by a third party Certificate Authority
However, I have one question that wasn't clarified in the document. Setting up the Indexer was fairly straight forward. I created a .pem file combining the server public certificate, server private key, Issuing CA public cert, and Root CA public cert. I then configured inputs.conf to work with the 3rd party issuing cert according to the documentation.
My question is:
On the forwarder, the documentation makes it seem as if you need to use this same .pem file (containing server public cert, private key, issuing CA cert, and Root CA cert). It seems odd to me that the private key be required for the forwarder as well. Is the private key needed in the .pem file specified in outputs.conf (on the forwarder), or is it sufficient to use all public certificates in the .pem file specified in outputs.conf.
Thanks for any assistance. I wanted to make sure before I start copying private keys...
... View more