Secure distributed search heads and peers
Distributed search configurations share search information, knowledge objects and app and configuration information over the management port.
Communication between search heads and peers relies on public-key encryption. Upon startup, Splunk generates a private key and public key on your Splunk installation. When you configure distributed search on the search head, the public keys are distributed by search heads to peers and those keys are used to secure communication. This default configuration provides built-in encryption as well as data compression that improves performance.
It is possible to swap these generated keys out with your own keys. However, it is not recommended and considered generally unnecessary. To configure public-key encryption for distributed search setups, you create your keys and distribute them to your search heads and peers. To learn more about distributing key files to distributed search peers, look in the section on configuring distributed search in the Distributed Deployment manual: "Distribute the key files".
About securing inter-Splunk communication
Secure your deployment server and clients using certificate authentication
This documentation applies to the following versions of Splunk® Enterprise: 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18