I use Nessus to scan for SSL issues, and the Splunk Web interface is being flagged due to the self signed certs. I have managed to make my indexer / search head use internally MS CA certs and go the cert chain sorted for the login screen to Splunk Web. My question is, do I use a similar process for the forwarders, or can I shut down the web interface on the Universal forwarder? If so, how? If not, how do I change the certs on the UF?
↧