The Authentication Gate • Room 3

SSL/TLS Certificate Management

Splunk uses SSL/TLS to encrypt communication between components. By default, Splunk ships with self-signed certificates, but production environments should use proper CA-signed certs.

Web UI SSL is configured in web.conf. Inter-component SSL (forwarder-to-indexer, search head-to-peer) is configured in server.conf and outputs.conf.

Key settings: sslPassword (the password for the cert key), serverCert (path to the PEM file), and sslRootCAPath (trusted CA chain).

Use the splunk createssl command to generate self-signed certs for testing, but always use CA-signed certs in production.

Knowledge Check

Prove your understanding to clear the room (Rewards XP)

❤️❤️❤️

Question 1 of 2

Which config file controls SSL for the Splunk Web UI?

Aserver.conf

Bweb.conf

Cssl.conf

Dinputs.conf