![]() ![]() To do this, you need to add a line under a specific stanza in the nf file: I did some research, tried it out in a dev environment and sure enough, it's not needed in my environment. I started down the path of doing a custom certificate, however /u/UI_RANGER pointed out that it may not be necessary to have the UF even listen for inbound connections. PCI/Security auditors go nuts when they see an untrusted self-signed default certificate like the one that comes with the Windows Universal Forwarder agent. The crux of the issue is that port 8089 is open and listening (https) with a default certificate. I am still researching some other things.Įdit: Thanks to everyone on this thread. I may have one or two follow up questions. If this is the case, is the correct order of operations to A) update the cert in the deployment-apps folder and possibly update the nf nf, B) push the cert out and possibly the new nf nf, C) at this point all connections should drop between all UFs and the deployment server once the splunk app restarts to integrate the updates D) update the cacert file on the deployment server, E) restart deployment server, F) verify all UFs check back in. If I were to update the UF cert with a cert issued from my own internal CA, I believe this would break the trust from the deployment server to the UFs. I am thinking that right now the reason connections work between the deployment server and the UFs is that the deployment server trusts the certificate issued to the UFs. I can cut a certificate easily enough however, when I update it on the UFs, I assume I will have to also update a cacerts file somewhere on the deployment server. I intend to use the deployment server to get this done however I have a few questions. I need to get this certificate updated across all 200+ Windows boxes. When the scanner hit 8089 on all my Windows boxes it saw the default Splunk issued certificate. We did our huge network scan audit and one of the findings was that all of our Splunk Forwarders are using a default certificate. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |