

- Using splunk enterprise security install#
- Using splunk enterprise security password#
- Using splunk enterprise security download#
When both the forwarder and receiver have a "true" value for this setting, mutually authenticated TLS or mTLS is active. Configure this setting to "true" if you want your receivers to require authentication with certificates.

A value of "false" means that clients can connect without presenting a certificate. A value of "true" means that the receiving instance must see a valid certificate to let the client authenticate. Whether or not the Splunk platform instance requires that a connecting client present a valid TLS certificate before the connection can succeed. If you want to use the Certificate Assist helper package for the Splunk Assist monitoring service, then this is a required setting.
Using splunk enterprise security password#
Do not configure this setting if you did not specify a password when you created your certificates. The password that you entered when you created the certificate, if you created a password. You can specify either the absolute path to the certificate, such as /opt/splunk/etc/auth/mycerts/myServerCert.pem, or you can use a relative path, such as etc/auth/mycerts/myServerCert.pem and the instance uses the Splunk platform instance installation directory. This is the certificate that the machine uses to support inbound connections over TLS/SSL. The location of the server certificate on the Splunk platform instance. Add the following stanzas and settings to the file.ĭefines a TCP network input to receive data over TLS/SSL on the port you specify.ĭefines the TLS/SSL settings for all inputs that you define for this instance.

Prerequisites for configuring Splunk indexing and forwarding using TLS certificatesīefore you can secure communications between Splunk indexers and forwarders, you must have the following:
Using splunk enterprise security install#
For details, see Install and configure the Splunk Cloud Platform universal forwarder credentials package.
Using splunk enterprise security download#
Instead, download and use the Splunk Cloud Universal Forwarder Credentials package and install it on your forwarding infrastructure. You can either obtain certificates from a certificate authority, or create and sign them yourself.ĭo not use these instructions to configure secure forwarding of data to a Splunk Cloud Platform instance. The certificates you use can replace the default certificates that Splunk provides.

You can use transport layer security (TLS) certificates to secure connections between forwarders and indexers. Configure Splunk indexing and forwarding to use TLS certificates
