Hi folks,
I have recently been testing out how to ensure the connection between my deployment server and the universal forwarders is secure. I followed the instructions and deployed a new app with some stanzas to a test windows workstation server class, via deploymentclient.conf to conform to this:
[deployment-client]
sslVerifyServerCert=true
caCertFile=$SPLUNK_HOME/etc/apps/<this apps name>/auth/ca.pem
sslCommonNameToCheck = <common name in DS cert>
My question is how can I confirm it is connecting securely? Most of the documentation I find describes securing the indexers to forwarders, but not the deployment server to client/forwarder connection.