Hi Splunkers!
I would like to secure splunkd (port 8089) on Splunk Universal Forwarders by using a throwaway self-signed certificate.
I tried the following methods:
**1) Using msiexec to install Splunk Universal Forwarder, and also include the throwaway certificate for the forwarders**
```
msiexec.exe /i splunkforwarder-.msi DEPLOYMENT_SERVER=":8089" AGREETOLICENSE=Yes CERTFILE=.pem CERTPASSWORD= /quiet
```
This method will install Splunk Universal Forwarder, and add the certificate into `$SPLUNK_HOME\etc\auth`. However, after installation, it still uses the default Splunk certificate in `$SPLUNK_HOME\etc\system\local\server.conf`.
**2) Deploy an app containing `server.conf` to the deployment clients**
```
[sslConfig]
serverCert = $SPLUNK_HOME\etc\apps\ssl_app\cert\.pem
sslPassword =
sslVersions = tls
```
I understand this method does not work, as the configuration in `$SPLUNK_HOME\etc\system\local\server.conf` will replace any configuration done in the app.
May I know the following:
a) What is the best way to configure Splunk Universal Forwarders to use a self-signed certificate for splunkd **during** installation?
b) What is the best way to configure Splunk Universal Forwarders to use a self-signed certificate for splunkd **after** installation?
Thanks!
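
The precedence behaviour described in method 2, as an added example that is not part of the original post: a small resolver that merges `server.conf` layers per attribute in Splunk's global-context order and reports which app settings are overridden. The layer contents, `example.pem` and the password values are constructed placeholders, and the app is assumed to ship its file in its `default` directory.

```python
import configparser

# Splunk global-context precedence, highest first; merging is per attribute.
PRECEDENCE = ["system/local", "apps/local", "apps/default", "system/default"]

# Constructed sample layers (placeholder file names and values, not from a real host).
SAMPLE_LAYERS = {
    "system/local": "[sslConfig]\nserverCert = $SPLUNK_HOME\\etc\\auth\\server.pem\n"
                    "sslPassword = placeholder-hash\n",
    "apps/default": "[sslConfig]\nserverCert = $SPLUNK_HOME\\etc\\apps\\ssl_app\\cert\\example.pem\n"
                    "sslPassword = placeholder\nsslVersions = tls\n",
    "system/default": "[sslConfig]\nsslVersions = tls1.2\n",
}

def parse(text):
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep attribute names case-sensitive, as in .conf files
    cp.read_string(text)
    return cp

def effective(layers, stanza):
    """Return {attribute: (value, winning_layer)} for one stanza."""
    merged = {}
    for layer in reversed(PRECEDENCE):  # lowest precedence first, higher overwrites
        if layer not in layers:
            continue
        cp = parse(layers[layer])
        if cp.has_section(stanza):
            for key, value in cp.items(stanza):
                merged[key] = (value, layer)
    return merged

def shadowed(layers, stanza, layer):
    """Attributes set in `layer` that a higher-precedence layer overrides."""
    eff = effective(layers, stanza)
    cp = parse(layers[layer])
    return sorted(k for k, _ in cp.items(stanza) if eff[k][1] != layer)

if __name__ == "__main__":
    for key, (value, layer) in effective(SAMPLE_LAYERS, "sslConfig").items():
        print(f"{layer:15} {key} = {value}")
    print("app settings overridden:", shadowed(SAMPLE_LAYERS, "sslConfig", "apps/default"))
```

On a forwarder, `splunk btool server list sslConfig --debug` prints the same per-file attribution from the real configuration files.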