Security

Including SSL Certificates in a Splunk App

adrianathome
Communicator

I tried to include my own certificates to encrypt forwarder to indexer communications via an app. However, the forwarder was not able to read the cert from $SPLUNK_HOME/etc/apps/myapp/local. The forwarder would only use the certs if located under $SPLUNK_HOME/etc/certs.

Are SSL certificates one of those items that cannot be bundled in a Splunk app?

1 Solution

gkanapathy
Splunk Employee

You are correct. Those items cannot be in Splunk apps, and must be distributed to $SPLUNK/etc/auth. If you are using deployment server to distribute apps, you must use some other way to distribute the certificates.

joshuariley
New Member

We have our certs deployed via an app. In our outputs, we just point to the app path as the cert path and it works fine. Alternatively, you can deploy a script with the cert and move the cert from the app into $SPLUNK_HOME/etc/auth using the script.

0 Karma
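
The script approach mentioned in the post above, sketched as an added example (not code from any poster or from Splunk). The function name `install_cert`, its exit codes, and the choice to copy rather than move are assumptions; it refuses symlinks and non-PEM input and leaves the installed file readable only by its owner.

```shell
#!/bin/sh
# Added example: copy a PEM file shipped inside an app directory into a
# certificate directory such as $SPLUNK_HOME/etc/auth with owner-only access.
# Usage (hypothetical): install_cert SRC_PEM DEST_DIR
# Returns: 0 ok, 1 bad source, 2 not PEM, 3 bad destination, 4 write failure
install_cert() {
    src=$1
    dest_dir=$2
    # Only accept a regular file; a symlink could point outside the app.
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        echo "install_cert: $src is not a regular file" >&2
        return 1
    fi
    # Cheap sanity check that the file carries a PEM certificate block.
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$src"; then
        echo "install_cert: $src has no PEM certificate block" >&2
        return 2
    fi
    if [ ! -d "$dest_dir" ]; then
        echo "install_cert: $dest_dir is not a directory" >&2
        return 3
    fi
    dest="$dest_dir/$(basename "$src")"
    # Already installed and identical: only re-assert the permissions.
    if [ -f "$dest" ] && cmp -s "$src" "$dest"; then
        chmod 600 "$dest"
        return 0
    fi
    # Write to a temp file in the same directory, then rename atomically,
    # so a forwarder never reads a half-written certificate.
    tmp=$(umask 077; mktemp "$dest_dir/.cert.XXXXXX") || return 4
    if cat "$src" > "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 4
}

# Run directly with two arguments, e.g. (paths are assumptions):
#   sh install_cert.sh "$SPLUNK_HOME/etc/apps/myapp/local/myapp.pem" "$SPLUNK_HOME/etc/auth"
if [ "$#" -eq 2 ]; then
    install_cert "$1" "$2"
fi
```

If the PEM bundle includes a private key, the copy left in the app directory is still readable wherever the app is staged, so its permissions need the same attention.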

triest
Communicator

I can verify I have seen other customers push certs via APPS and then just update the path in a .conf file in that app. You can even reference the certs with ./

I know a place that has been doing this since the 5.x days

0 Karma

jcspigler2010
Path Finder

I know this is an older post so I understand if my question gets batted to the side. But is there a technical reason as to why you can't have certificates located in an app directory? It just seems like a way more intuitive way to deploy SSL related configurations as opposed to using something like Ansible or GPOs.

Thanks!

adrianathome
Communicator

Thanks for confirming my suspicion.

0 Karma