Refine your search:

What is the recipe for creating new SSL certs for forwarding with no auth?

0

What are the steps to setup a new CA and generate new certs for SSL forwarding with no auth:

asked 12 Aug '10, 19:14

matt's gravatar image

matt ♦♦
3.1k2427
accept rate: 82%

edited 13 Aug '10, 00:05

jrodman's gravatar image

jrodman ♦
5.8k2515

Can you clarify just a little? Are you wanting to make a new CA and issue a certificate to each forwarder? Or, are you wanting to create a new self-signed certificate for the indexer? Or is it something else entirely?

(12 Aug '10, 19:44) dwaddle ♦
One Answer:
oldestnewestmost voted
5

First you probably want to create your own root CA:

mkdir -p /opt/splunk/etc/certs
/opt/splunk/bin/genRootCA.sh -d /opt/splunk/etc/certs

This will create the files:

ca.pem
cacert.pem
cakey.pem
careq.pem

in the given directory. Then you can issue signed server certificates for your indexer:

/opt/splunk/bin/genSignedServerCert.sh -d /opt/splunk/etc/certs -n indexer -c indexer.mydomain.com

and for your forwarder:

/opt/splunk/bin/genSignedServerCert.sh -d /opt/splunk/etc/certs -n forwarder1 -c forwarder1.mydomain.com

Copy over the files forwarder1.pem and cacert.pem to your forwarder.

To configure your forwarder to send the data via SSL add the following to $SPLUNK_HOME/etc/system/local/outputs.conf:

[indexAndForward]
index=false

[tcpout]
defaultGroup = forward-ssl

[tcpout:forward-ssl]
server = <indexer-ip>:9443

[tcpout-server://<indexer-ip>:9443]
sslCertPath=$SPLUNK_HOME/etc/certs/forwarder1.pem
sslPassword=password
sslRootCAPath=$SPLUNK_HOME/etc/certs/cacert.pem
sslVerfyServerCert=false

and add the following on the indexer in the $SPLUNK_HOME/etc/system/local/inputs.conf to listen on a port with SSL enabled:

[SSL]
serverCert=$SPLUNK_HOME/etc/certs/indexer.pem
password=password
rootCA=$SPLUNK_HOME/etc/auth/cacert.pem
requireClientCert=false

[splunktcp-ssl:9443]

It's also possible to distribute the SSL configuration via deployment services.

link

answered 12 Aug '10, 21:05

ziegfried's gravatar image

ziegfried ♦
7.1k1315
accept rate: 53%

edited 12 Aug '10, 21:20

Information about setting up SSL forwarding with host authentication and self-signed certificates can be found here : http://answers.splunk.com/questions/7164/how-do-i-set-up-ssl-forwarding-with-new-self-signed-certificates-and-host-authen

(23 Sep '10, 06:56) hexx ♦
Post your answer
toggle preview

Follow this question

Log In to enable email subscriptions

RSS:

Answers

Answers + Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×404
×100
×65

Asked: 12 Aug '10, 19:14

Seen: 836 times

Last updated: 13 Aug '10, 00:05

Related questions

Unable to configure SSL even with built-in certs

How do i use intermediate SSL chain certs on splunk?

Can a Splunk indexer accept ssl and non-ssl connections on the same port?

How do I set up SSL forwarding with new, self-signed certificates and authentication?

How to configure SSL for forwarding and receiving data

Universal Forwarder and Deployment Server with SSL how to?

Puppetizing Splunk for SSL-enabled Light Forwarding

Upgrading a LWF to a Universal Forwarder 4.1.6 to 4.2.5, we get SSL errors

Configuring SSL on universal forwarder

Copyright © 2005-2012 Splunk, Inc. All rights reserved.