Hello
I want to secure splunkd DS->clients with a self-signed SSL cert, but for some reason it doesn't work.
From the Splunk docs, I followed this:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/Securingyourdeploymentserverandclients
but the only info there is that you need to add config in server.conf and that the same CA cert as Splunk Web must be used,
so I have created a new server cert from the same CA as the Web cert and have the following configs:

server.conf
[sslConfig]
enableSplunkdSSL = true
sslVersions = *,-ssl2
serverCert = ServerCertificate2.pem
sslPassword = encryptedpass
sslRootCAPath = CACertificate.pem

web.conf
[settings]
enableSplunkWebSSL = true
privKeyPath = ServerPrivateKey1.key
serverCert = ServerPrivateKey1.pem

inputs.conf
[general]
serverCert = ServerCertificate3.pem
sslPassword = encryptedpass

If I start Splunk with the above, Splunk starts but it loads very, very slowly and no one can log in. The only thing I can see in the log is:
WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read finished A', alert_description='certificate unknown'.
But I noticed that the same warning comes even if I run the working server.conf:
If I change the server.conf so that it uses the same server.conf as the inputs.conf, Splunk has no problems.
[sslConfig]
enableSplunkdSSL = true
sslVersions = *,-ssl2
serverCert = ServerCertificate3.pem
sslPassword = encryptedpass
sslRootCAPath = CACertificate.pem
So why can't I use two different server.certs for splunkd and data encryption traffic?
Is there something I am not doing correctly, and where can I find more info on Splunk SSL in the Splunk docs?
Many thanks in advance
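
Added example, not part of the original post and not Splunk tooling: a structural check of the certificate files that the three .conf files above reference. The PEM contents are constructed placeholders (not the poster's files and not a diagnosis), and the rule that a splunkd or inputs serverCert file bundles the private key while web.conf keeps it in privKeyPath is an assumption of this sketch.

```python
import configparser
import re

CERT_KEYS = ("serverCert", "privKeyPath", "sslRootCAPath")
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

def pem(*labels):
    """Build a constructed PEM file with placeholder bodies."""
    return "".join(f"-----BEGIN {lab}-----\nAAAA\n-----END {lab}-----\n" for lab in labels)

# Constructed sample input: settings as in the post, file contents invented.
CONFS = {
    "server.conf": "[sslConfig]\nenableSplunkdSSL = true\nsslVersions = *,-ssl2\n"
                   "serverCert = ServerCertificate2.pem\nsslRootCAPath = CACertificate.pem\n",
    "web.conf": "[settings]\nprivKeyPath = ServerPrivateKey1.key\nserverCert = ServerPrivateKey1.pem\n",
    "inputs.conf": "[general]\nserverCert = ServerCertificate3.pem\n",
}
FILES = {
    "ServerCertificate2.pem": pem("CERTIFICATE"),  # constructed: no key bundled
    "ServerCertificate3.pem": pem("CERTIFICATE", "ENCRYPTED PRIVATE KEY", "CERTIFICATE"),
    "ServerPrivateKey1.pem": pem("CERTIFICATE"),
    "ServerPrivateKey1.key": pem("RSA PRIVATE KEY"),
    "CACertificate.pem": pem("CERTIFICATE"),
}

def pem_blocks(text):
    """Return the PEM block labels in file order."""
    return PEM_RE.findall(text)

def audit(confs, files):
    """Return (conf, key, path, problem) for each certificate setting that looks wrong."""
    findings = []
    for conf, body in confs.items():
        cp = configparser.ConfigParser(interpolation=None, strict=False)
        cp.optionxform = str  # Splunk setting names are case-sensitive
        cp.read_string(body)
        for stanza in cp.sections():
            for key, path in cp.items(stanza):
                if key not in CERT_KEYS:
                    continue
                if path not in files:
                    findings.append((conf, key, path, "file not found"))
                    continue
                labels = pem_blocks(files[path])
                has_cert = "CERTIFICATE" in labels
                has_key = any(lab.endswith("PRIVATE KEY") for lab in labels)
                if key != "privKeyPath" and not has_cert:
                    findings.append((conf, key, path, "no CERTIFICATE block"))
                elif key == "privKeyPath" and not has_key:
                    findings.append((conf, key, path, "no private key block"))
                elif key == "serverCert" and conf != "web.conf" and not has_key:
                    findings.append((conf, key, path, "no private key block"))
    return findings
```

A clean result here only means the files have the expected shape; whether each server certificate actually chains to CACertificate.pem still has to be checked with openssl verify -CAfile.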