Hi fellow splunkers,
I'm currently trying to secure inter-splunk-communication with self-signed certificates.
I recently secured Splunk Web with my own server certificate, so I am now trying to secure inter-comm.
I use the following certs:
- myservercert (the certificate our root-ca signed)
- myrootcacert (the root-ca certificate)
According to this documentation it should be easy to implement:
http://docs.splunk.com/Documentation/Splunk/6.4.0/Security/ConfigureSplunkforwardingtousesignedcertificates
Sadly I encountered the following problem:
splunkd.log on a search head tells me that Splunk can't connect to an indexer and the connection fails.
I now try to troubleshoot the cause of the problem.
----------
The default cacert.pem looks kinda like this:
----begin cert----
cacert
---end cert ---
The default server.pem looks kinda like this:
---begin cert---
servercert
---end cert---
---begin encrypted private key---
privatekey
---end encrypted private key---
---begin cert---
cacert
---end cert---
----------
My self-signed certs look like this:
myrootcacert.pem
---begin cert---
myrootcacert
---end cert---
myservercert.pem
---begin cert---
myservercert
---end cert---
----------
Could this difference in the format be the problem?
If yes, in which format do I need to encrypt my private key?
Could someone tell me if the option "password = server certificate private key password" in the inputs.conf of the Indexer or "sslpassword" in the outputs.conf of the SH is really necessary?
I don't know which password I should type in. What password is this? Where is it from?
Help on this would be hugely appreciated! :)
Thanks in advance.
Regards,
pyro_wood
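
Added example, not part of the original post: a Python check that lists the PEM blocks in a file and compares them with the layout the post shows for the default server.pem (certificate, private key, certificate), and reports whether the private key block is marked as encrypted. The function names and the sample inputs are constructed for illustration.

```python
import re

# Matches one PEM block; the label after BEGIN must match the one after END.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

# Layout the post shows for the default server.pem:
# server certificate, private key, CA certificate.
DEFAULT_LAYOUT = ["CERT", "KEY", "CERT"]

def pem_blocks(text):
    """Return [(kind, label, encrypted)] for each PEM block, in file order."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        if label.endswith("PRIVATE KEY"):
            # PKCS#8 marks encryption in the label; the traditional
            # OpenSSL format marks it with a Proc-Type header in the body.
            encrypted = (label == "ENCRYPTED PRIVATE KEY"
                         or "Proc-Type: 4,ENCRYPTED" in body)
            blocks.append(("KEY", label, encrypted))
        elif label == "CERTIFICATE":
            blocks.append(("CERT", label, False))
        else:
            blocks.append(("OTHER", label, False))
    return blocks

def check_layout(text):
    """Compare a bundle with DEFAULT_LAYOUT and list the differences."""
    blocks = pem_blocks(text)
    kinds = [kind for kind, _, _ in blocks]
    findings = []
    if "KEY" not in kinds:
        findings.append("no private key block")
    if kinds.count("CERT") < 2:
        findings.append("fewer than two certificate blocks")
    if not findings and kinds != DEFAULT_LAYOUT:
        findings.append("blocks present but order differs: " + ", ".join(kinds))
    for kind, label, encrypted in blocks:
        if kind == "KEY" and encrypted:
            findings.append("private key is encrypted, a passphrase is needed to load it")
    return findings

# Constructed samples; the bodies are placeholders, not real key material.
def sample_block(label, body="AAAA"):
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

CERT_ONLY = sample_block("CERTIFICATE")
FULL_BUNDLE = sample_block("CERTIFICATE") + sample_block("ENCRYPTED PRIVATE KEY") + sample_block("CERTIFICATE")
```

Calling `check_layout(open(path).read())` on a real file gives the same list of findings; an empty list means the file has the same block order as the default layout and an unencrypted key.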