I have follow the splunk instruction, on my Windows Indexer server I have created a CAroot.pem file
I have also created a myNewServerCertificate.pem file using the instruction combining the below 3 files
type myServerCertificate.pem myServerPrivateKey.key myCACertificate.pem > myNewServerCertificate.pem
I have also created a myNewForwardercertificate.pem file using the instruction combining the 3 below files
type myForwarderCertificate.pem myForwarderPrivateKey.key myCACertificate.pem > myNewForwarderCertificate.pem
On my Indexer i pointed inputs.conf to the new cert but when i look in the logs it not using the new cert instead it goes back to the default cert server.pem
my inputs.conf
[splunktcp-ssl:9997]
disabled = 0
[SSL]
serverCert = $SPLUNK_HOME/etc/auth/mycerts/myNewServerCertificate.pem
sslPassword = password123
requireClientCert = false
- On my Forwarder here is my outputs.conf and server.conf
ouputs.conf:
[tcpout]
defaultGroup = splunkssl
[tcpout:splunkssl]
server = 192.168.43.140:9997
[tcpout-server://192.168.43.140:9997]
clientCert = $SPLUNK_HOME/etc/auth/mycerts/myNewForwarderCertificate.pem
sslPassword = $1$F9PZO6wn/g==
sslVerifyServerCert = false
server.conf:
[sslConfig]
serverCert = $SPLUNK_HOME\etc\auth\mycerts\myCACertificate.pem
password = $1$F9PZO6wn/g==
caCertFile = myCACertificate.pem
caPath = $SPLUNK_HOME\etc\auth\mycerts
sslPassword = $1$F9PZO6wn/g==
I can't seem to get ssl going with the self sign cert, can anybody shed some light for me.
thanks,
