https://community.splunk.com/t5/Security/Custom-Splunk-management-port-8089-certificate/m-p/538147#M12072 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/171872">@splunkreal</a>,</P><P>Since Splunk Web is communicating with splunkd running on 8089, you should update web.conf too.</P><P>If this server is Deployment server, you should distribute the certificate to clients too. &nbsp;</P><P>&nbsp;</P> Mon, 01 Feb 2021 18:32:55 GMT scelikok 2021-02-01T18:32:55Z https://community.splunk.com/t5/Security/Custom-Splunk-management-port-8089-certificate/m-p/538142#M12071 <P>Hello guys,</P><P>tried to update server.conf but Splunk crashed with handshake failure accessing <A href="https://localhost:8089" target="_blank">https://localhost:8089</A></P><P>[sslConfig]<BR />#sslPassword = $7$OXZyp5GzoeMoXOIUSMqIFC+4Od7JKUacyjpUPBRobqwXbKYgAoObNg==<BR />serverCert = $SPLUNK_HOME/etc/apps/APP_OUTPUTS/default/preproduction-server.pem<BR />sslPassword = xxx<BR />sslRootCAPath = $SPLUNK_HOME/etc/apps/APP_OUTPUTS/default/preproduction-cacert.pem<BR />requireClientCert = true</P><P>Is it necessary to also update web.conf according to <A href="https://docs.splunk.com/Documentation/Splunk/7.3.4/Security/Securingyourdeploymentserverandclients?" target="_blank">https://docs.splunk.com/Documentation/Splunk/7.3.4/Security/Securingyourdeploymentserverandclients?</A></P><P>May it break the deployment server / DS clients?</P><P>&nbsp;</P><P>Also does it impact implementation of [tcp-ssl] port?</P><P>Thanks.</P> Mon, 01 Feb 2021 18:23:09 GMT https://community.splunk.com/t5/Security/Custom-Splunk-management-port-8089-certificate/m-p/538142#M12071 splunkreal 2021-02-01T18:23:09Z https://community.splunk.com/t5/Security/Custom-Splunk-management-port-8089-certificate/m-p/538147#M12072 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/171872">@splunkreal</a>,</P><P>Since Splunk Web is communicating with splunkd running on 8089, you should update web.conf too.</P><P>If this server is Deployment server, you should distribute the certificate to clients too. &nbsp;</P><P>&nbsp;</P> Mon, 01 Feb 2021 18:32:55 GMT https://community.splunk.com/t5/Security/Custom-Splunk-management-port-8089-certificate/m-p/538147#M12072 scelikok 2021-02-01T18:32:55Z https://community.splunk.com/t5/Security/Custom-Splunk-management-port-8089-certificate/m-p/538247#M12073 <P>Thanks it works <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>I used&nbsp;requireClientCert&nbsp; = false as certification is not dedicated to my host otherwise do you mean we should distribute the certificates to deployment clients, this would be time-consuming and out of Splunk scope (deploy certs through Puppet/Ansible for instance)?</P> Tue, 02 Feb 2021 09:30:27 GMT https://community.splunk.com/t5/Security/Custom-Splunk-management-port-8089-certificate/m-p/538247#M12073 splunkreal 2021-02-02T09:30:27Z