I have follow the splunk instruction, on my Windows Indexer server I have created a CAroot.pem file
I have also created a myNewServerCertificate.pem file using the instruction combining the below 3 files
type myServerCertificate.pem myServerPrivateKey.key myCACertificate.pem > myNewServerCertificate.pem
I have also created a myNewForwardercertificate.pem file using the instruction combining the 3 below files
type myForwarderCertificate.pem myForwarderPrivateKey.key myCACertificate.pem > myNewForwarderCertificate.pem
On my Indexer i pointed inputs.conf to the new cert but when i look in the logs it not using the new cert instead it goes back to the default cert server.pem
my inputs.conf
[splunktcp-ssl:9997]
disabled = 0
[SSL]
serverCert = $SPLUNK_HOME/etc/auth/mycerts/myNewServerCertificate.pem
sslPassword = password123
requireClientCert = false
server.conf:
[sslConfig]
serverCert = $SPLUNK_HOME\etc\auth\mycerts\myCACertificate.pem
password = $1$F9PZO6wn/g==
caCertFile = myCACertificate.pem
caPath = $SPLUNK_HOME\etc\auth\mycerts
sslPassword = $1$F9PZO6wn/g==
I can't seem to get ssl going with the self sign cert, can anybody shed some light for me.
thanks,
I’m running 6.6.3 on both indexer and forwarder.
Which version of Splunk are you running on each instance? The SSL configurations changed between versions.