I would like help understanding why sslRootCAPath is needed in server.conf. From what I understand, this is just a typical CA bundle that contains all the root CAs that you trust/want to allow Splunk to interact with. This in place of one built into a operating system/browser/whatever.
On to the topic of CA signed certs. Why is it that this option is recommend for setting up certificates signed by a third party? I get that it could be helpful if you need to act as a client, but what does the server stand to gain? Here is the real question though: Why would it be the case that after commenting out sslRootCAPath and restarting, that some data comes through fine, and some data does not?
Thanks!
↧
