I am trying to setup SSL security from the fwd clients to the index servers. I am looking at the atricle http://docs.splunk.com/Documentation/Splunk/6.4.2/Security/ConfigureSplunkforwardingtousesignedcertificates but cannot figure it out.
[SSL]
rootCA = $SPLUNK_HOME/etc/auth/mycerts/myCACertificate.pem
serverCert = $SPLUNK_HOME/etc/auth/mycerts/myNewServerCertificate.pem
password =
cipherSuite =
[splunktcp-ssl:9997]
compressed = true
What file is what? What file should rootCA point to? I assume the cert authority file. It seems that the serverCert is chained in some way.
Any help is MUCH appreciated!
↧