Mutual TLS Support In Cribl?

If I want to have data sent from my Palo Alto system using a certificate that we are using and provide a self signed certificate for us to use. Does support the use of mutual TLS?

Hi @msr1716, Yes Cribl Stream supports Mutual TLS authentication for Palo Alto Firewalls.

In your Palo/Panorama, import the certificate you wish to use for client authentication. Ensure you check the “Certificate for Secure Syslog” box.

Screen Shot 2022-09-13 at 10.11.56 PM

In Cribl, you will need to import the CA signing certificate into the Cribl console. Navigate to the Worker Group’s settings and then to Security > Certificates in the left-hand menu.

Import the CA certificate Chain into the “CA Certificate box”. Import the appropriate Public/Private keypair you wish to also use. (If one is already import/not necessary, import a dummy key to bypass the validation).

On the source, copy and paste the path of the CA certificate just uploaded into the “CA certificate Path” box.

1 UpGoat

@bdalpe what about for other tools? Does Cribl support mutual TLS?

Yes, Cribl supports mutual TLS for those protocols that support it.

@bdalpe so I could upload a certificate chain that I get from a trusted source and use that as a root cert for mutual TLS?