
Here is a detailed procedure to use non-default (in this case, self-signed) SSL certificates with common-name-based authentication (for the indexer(s) only) in a splunk2splunk (indexer to forwarder) connection.

1 - On a Splunk instance, create your own root certificate :

NOTE : For clarity's sake, it is better to generate new certificates in a directory other than $SPLUNK_HOME/etc/auth in order not to overwrite those that exist there. In our example, we will create and use $SPLUNK_HOME/etc/certs. This will also ensure that you can keep using the certificates that ship with Splunk in $SPLUNK_HOME/etc/auth for other Splunk components if you wish to do so.

Point openssl to Splunk's openssl.cnf :

    # export OPENSSL_CONF=$SPLUNK_HOME/openssl/openssl.cnf

Generate a new root certificate :

    # $SPLUNK_HOME/bin/genRootCA.sh -d $SPLUNK_HOME/etc/certs

=> This will create a new certificate authority public certificate in $SPLUNK_HOME/etc/certs/cacert.pem

This public CA certificate is to be distributed to all Splunk instances (indexers and forwarders) that will be checking server certificates signed with the root certificate we just generated (ca.pem).

2 - Generate a new self-signed server certificate for your indexer, specifying your indexer's host name as the common name recorded in the certificate :

In our example, let's assume that your indexer's host name is "". Let's also assume that you want to use "changeme" as the password for your indexer's server certificate.

=> This will create a new server certificate in $SPLUNK_HOME/etc/certs/splunk-idx-01.pem.
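
A check worth running before the CA certificate is distributed, as an added example that is not part of the original procedure: it confirms with plain openssl that a server certificate is signed by the given CA and carries the expected common name. The function names, the throwaway PKI built by make_constructed_pki and the host name idx.example.test are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original procedure. Function names are hypothetical.

# verify_indexer_cert CA_CERT SERVER_PEM EXPECTED_CN
# Returns 0 = ok, 1 = not signed by CA_CERT (or not currently valid),
#         2 = common name mismatch.
# openssl reads the first certificate it finds in SERVER_PEM.
verify_indexer_cert() {
    ca=$1 cert=$2 want_cn=$3
    # The server certificate must chain to the CA certificate being distributed.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1
    # The subject common name must be exactly the indexer host name.
    got_cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p')
    [ "$got_cn" = "$want_cn" ] || return 2
    return 0
}

# make_constructed_pki DIR CN
# Constructed sample input only: a throwaway CA plus one server certificate,
# built with plain openssl as a stand-in for the Splunk scripts.
make_constructed_pki() {
    d=$1 cn=$2
    cat > "$d/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
        -keyout "$d/ca.key" -out "$d/cacert.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -subj "/CN=$cn" -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/srv.csr" -CA "$d/cacert.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null
}

# Usage against the files from the procedure (host name is a placeholder):
#   verify_indexer_cert "$SPLUNK_HOME/etc/certs/cacert.pem" \
#       "$SPLUNK_HOME/etc/certs/splunk-idx-01.pem" idx.example.test
```

A return code of 1 on a forwarder usually means it holds a different CA certificate than the one that signed the indexer's certificate; a return code of 2 means the certificate was generated with a common name other than the one the forwarder is told to expect.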
