Does the default root certificate expiration on July 21, 2016 affect the "universal forwarders" ?
What is the expiration date of the new root certificate that we are asked to replace the July 21 expiring one with?
The certificate expiration will only affect universal forwarders if you have enabled encrypted connections between the forwarders and the indexers
For more information and specifically on the forwarder question, see point 4 in the answer here:
https://answers.splunk.com/answers/395886/for-splunk-enterprise-splunk-light-and-hunk-pre-63.html
The certificate expiration will only affect universal forwarders if you have enabled encrypted connections between the forwarders and the indexers
For more information and specifically on the forwarder question, see point 4 in the answer here:
https://answers.splunk.com/answers/395886/for-splunk-enterprise-splunk-light-and-hunk-pre-63.html
Hello, is it possible that Splunkforwarder still works if the cacert.pem on the indexer is expired and from different certificate authority? We have sslVerifyServerCert = false set on the fwd.
Thanks.
How do i confirm that my forwarder not connecting to indexers using encrypted?
07-14-2016 08:53:08.462 -0400 INFO TcpOutputProc - Connected to idx=xx.xx.xxx.xx:9997 using ACK.
Thats the logs shows
The ACK has to do with the acknowledgement setting of forwarding.
If your indexer is set up with splunktcp-ssl inputs then it should be receiving SSL (encrypted) over that port. If there are ports in the inputs for TCP (without ssl) then see what is connecting to that port in the logs to find non SSL connections.