hi all
I am a splunk noob.
I have created individual server.pem files that are sha256 compliant from my windows ca
my deployment server and clients are mostly windows
the clients ( servers with universalforwarder installed) were individually installed.
my environment is using 6.5.3
i am trying to push a hardened server.conf with the sslconfig pointing to each individual servers pem file from the deployment server.
Is there any way i can do that
e.g. in the deploymentserver\etc\deployment-apps\appname\local\server.confs
can i put the server.conf file this way?
[general]
servername= server1
[sslconfig]
allowsslcompression=false
sslversions = tls1.1, tls1.2
requireclientcert=false
enablesplunkdssl=true
sslkey files=server1.pem
sslkeysfilepassword=password
caPath=$splunk_home\etc\auth
sslPassword=password
[general]
servername= server2
[sslconfig]
allowsslcompression=false
sslversions = tls1.1, tls1.2
requireclientcert=false
enablesplunkdssl=true
sslkey files=server2.pem
sslkeysfilepassword=password
caPath=$splunk_home\etc\auth
sslPassword=password
Hi garethatiag
I do not understand
I am trying to push the individual pem files for my clients on the deployment server to the client servers. plus edit the indivdual client server's server.conf to point to the respective cert.
do i edit the put these files in the deployment server's splunk_home\etc\deployment-apps\myserverconfigindexgroup\server1.pem to push the pem certificate for server1.pem down to server1?
If your happy with all your clients using a common SSL file then pushing from the deployment server is going to be an easy way to do this...
The documentation for securing Splunk with SSL in particular the section about securing the deployment server and clients
You do not need to override all the configuration, only the relevant parts that you are changing as per the documentation...