Hello,
I have a doubt with respect to the below stanzas in Heavy forwarder and indexers. Will the below stanzas ensures SSL authentication only OR it will encrypt the communication as well? If it ensures encryption as well can you please put some light?
outputs.conf in Heavy Forwarder
[tcpout]
defaultGroup = splunkssl
[tcpout:splunkssl]
server = 1.1.1.1:9997
sslRootCAPath = $SPLUNK_HOME/etc/auth/mycerts/myCACertificate.pem
sslCertPath = $SPLUNK_HOME/etc/auth/mycerts/myForwarderCertificate.pem
sslPassword = $%^!@#%
sslVerifyServerCert = true
sslCommonNameToCheck = xyz.abc
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
inputs.conf in Indexer
[SSL]
rootCA = $SPLUNK_HOME/etc/auth/mycerts/myCACertificate.pem
serverCert = $SPLUNK_HOME/etc/auth/mycerts/myIndexerCertificate.pem
password = ^#$%
requireClientCert = true
[splunktcp-ssl:9997]
compressed = true
↧