https://community.splunk.com/t5/Security/Using-X509-certificates/m-p/583749#M15872 <P>This is not Splunk Support. Splunk Support is a service you pay for.</P><P>This is a community forum. We share knowledge out of our own free will.</P><P>Ok, we got this out of the way.</P><P>If you have a certificate installed for the web server it's up to the client who connects to the server to decide whether he wants to connect to a server which presents an invalid certificate or not.</P><P>There is an option for server.conf and outputs.conf called sslVerifyServerCert but I'm not sure if it disables expiry verification or only name/CA verification.</P><P>Anyway, you don't want expired certificates. Keep your environment current and secured.</P> Fri, 04 Feb 2022 17:22:48 GMT PickleRick 2022-02-04T17:22:48Z https://community.splunk.com/t5/Security/Using-X509-certificates/m-p/583748#M15871 <P>Dear Support,</P><P>We use X509 certificates provided by our customer certificate authority, in order to use HTTPS protocol for web pages and to encrypt the communication between instances in TLS 1.2.</P><P>- Modification of the file <EM>/opt/splunk/etc/system/local/web.conf</EM> for the Web Pages</P><P>- Modification of the file <EM>/opt/splunk/etc/system/local/server.conf</EM> for the encryption of the communication between the instances</P><P>&nbsp;</P><P>If these certificates are expired, can you tell us if an issue is expected or if the solution will still work in a degraded mode, with warning messages indicating that the certificates are expired?</P><P>&nbsp;</P><P>Thank you in advance for your answer.</P><P>BR</P><P>Malik GHALEB</P><P>&nbsp;</P> Fri, 04 Feb 2022 17:11:46 GMT https://community.splunk.com/t5/Security/Using-X509-certificates/m-p/583748#M15871 mghaleb 2022-02-04T17:11:46Z https://community.splunk.com/t5/Security/Using-X509-certificates/m-p/583749#M15872 <P>This is not Splunk Support. Splunk Support is a service you pay for.</P><P>This is a community forum. We share knowledge out of our own free will.</P><P>Ok, we got this out of the way.</P><P>If you have a certificate installed for the web server it's up to the client who connects to the server to decide whether he wants to connect to a server which presents an invalid certificate or not.</P><P>There is an option for server.conf and outputs.conf called sslVerifyServerCert but I'm not sure if it disables expiry verification or only name/CA verification.</P><P>Anyway, you don't want expired certificates. Keep your environment current and secured.</P> Fri, 04 Feb 2022 17:22:48 GMT https://community.splunk.com/t5/Security/Using-X509-certificates/m-p/583749#M15872 PickleRick 2022-02-04T17:22:48Z https://community.splunk.com/t5/Security/Using-X509-certificates/m-p/583768#M15873 <P>For TLS if the certificate expires you will not get data sent.</P><P>&nbsp;</P> Fri, 04 Feb 2022 19:49:30 GMT https://community.splunk.com/t5/Security/Using-X509-certificates/m-p/583768#M15873 burwell 2022-02-04T19:49:30Z