We have updated our Terms of Service, Code of Conduct, and Addendum.

Certificates and Enabling TLS

Can someone assist in explaining the difference between setting the Cribl General TLS settings versus the distributed TLS settings and what server certificates need to be applied? Where do we need to put the server.pem certs versus the web certs? Currently I am using mutual authentication and each host has their own self-signed certificates.

Best Answer

  • Kyle McCririe
    Kyle McCririe Posts: 29 ✭✭
    Answer ✓

    Depending on what you want to secure with TLS you will set it up in a different spot.

    The General TLS settings set up TLS for the Browser to Leader communications.

    The distributed TLS settings are for Worker to Leader communications.

    Here is an excellent doc on securing stream. Securing Cribl Stream | Cribl Docs
    I use this to determine where to put the Certificates. You can see if you are doing Worker to Leader communications the Worker is the Client and the Leader is the Server. So you will need to put the according certs on each one.

    Here is an excellent blog on securing Worker to Leader communications with mTLS. This should also help you determine what certs need to go where. https://cribl.io/blog/how-to-secure-logstream-worker-to-leader-communications/

Answers

  • Kyle McCririe
    Kyle McCririe Posts: 29 ✭✭
    Answer ✓

    Depending on what you want to secure with TLS you will set it up in a different spot.

    The General TLS settings set up TLS for the Browser to Leader communications.

    The distributed TLS settings are for Worker to Leader communications.

    Here is an excellent doc on securing stream. Securing Cribl Stream | Cribl Docs
    I use this to determine where to put the Certificates. You can see if you are doing Worker to Leader communications the Worker is the Client and the Leader is the Server. So you will need to put the according certs on each one.

    Here is an excellent blog on securing Worker to Leader communications with mTLS. This should also help you determine what certs need to go where. https://cribl.io/blog/how-to-secure-logstream-worker-to-leader-communications/

  • talantacp
    talantacp Posts: 3

    Thank you for he information