1/18/2024 0 Comments Splunk authentication conf![]() ![]() The Splunk platform supports the following versions for SSL and TLS: "ssl3", "tls1.0", "tls1.1", and "tls1.2". The list of SSL versions that the receiver supports. ![]() When both the forwarder and receiver have a "true" value for this setting, mutually authenticated TLS or mTLS is active. Configure this setting to "true" if you want your receivers to require authentication with certificates. A value of "false" means that clients can connect without presenting a certificate. A value of "true" means that the receiving instance must see a valid certificate to let the client authenticate. Whether or not the Splunk platform instance requires that a connecting client present a valid TLS certificate before the connection can succeed. If you want to use the Certificate Assist helper package for the Splunk Assist monitoring service, then this is a required setting. Do not configure this setting if you did not specify a password when you created your certificates. The password that you entered when you created the certificate, if you created a password. You can specify either the absolute path to the certificate, such as /opt/splunk/etc/auth/mycerts/myServerCert.pem, or you can use a relative path, such as etc/auth/mycerts/myServerCert.pem and the instance uses the Splunk platform instance installation directory. This is the certificate that the machine uses to support inbound connections over TLS/SSL. The location of the server certificate on the Splunk platform instance. Add the following stanzas and settings to the file.ĭefines a TCP network input to receive data over TLS/SSL on the port you specify.ĭefines the TLS/SSL settings for all inputs that you define for this instance. In the nf file, configure the indexer to use the server certificate.Use a text editor to open the $SPLUNK_HOME/etc/system/local/nf configuration file for editing.For example, you can move the files to a destination directory of $SPLUNK_HOME/etc/auth/mycerts/. Using this prompt or file system management tools, copy the server certificate and the certificate authority public certificate into an accessible directory on the indexer where you want to configure certificates.The certificates you configure on indexers control how the indexer receives data from a forwarder. You can configure indexers to use TLS certificates. The key files that come with the certificates must be in RSA security format.You must have a private key file for each certificate file.The certificates must be in Privacy-Enhanced Mail format and comply with the x.509 public key certificate standard.After you get the certificates, you must prepare the certificates for use with Splunk platform instances.You can either obtain third party certificates from a certificate authority, or create and sign them yourself.Prerequisites for configuring Splunk indexing and forwarding using TLS certificatesīefore you can secure communications between Splunk indexers and forwarders, you must have the following: For details, see Install and configure the Splunk Cloud Platform universal forwarder credentials package. Instead, download and use the Splunk Cloud Universal Forwarder Credentials package and install it on your forwarding infrastructure. You can either obtain certificates from a certificate authority, or create and sign them yourself.ĭo not use these instructions to configure secure forwarding of data to a Splunk Cloud Platform instance. The certificates you use can replace the default certificates that Splunk provides. ![]() You can use transport layer security (TLS) certificates to secure connections between forwarders and indexers. Configure Splunk indexing and forwarding to use TLS certificates ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |