topic Re: Regenerate SSL certification on Splunk in Security

Regenerate SSL certification on Splunk

snehalk — Wed, 17 Dec 2014 05:58:17 GMT

Hello Everyone,

Previous my splunk instance has the SSL certification but unfortunately it got expired two days back.

I am trying for last two days but not getting how to regenerate new SSL Cert for my splunk instance.

Can any one guide me step by step procedure to regenerate it.

Note: splunk is running on Windows

Thank you.

Re: Regenerate SSL certification on Splunk

MuS — Wed, 17 Dec 2014 07:31:47 GMT

Hi snehalk,

see the docs about this topic http://docs.splunk.com/Documentation/Splunk/latest/Security/Howtoself-signcertificates

cheers, MuS

Re: Regenerate SSL certification on Splunk

danielwill — Sat, 17 Feb 2024 10:13:20 GMT

Certainly! There are a few stages involved in regenerating SSL certificates for your Windows Splunk instance. Here's a step-by-step guide:

1. Generate a New SSL Certificate

- Open a command prompt that has administrator access
- Go to the directory of the Splunk bin. It's usually found under C:\Program Files\Splunk\bin.
- To create a fresh SSL certificate, utilize the Splunk command-line utility

Run the following command

Splunk createssl server-cert -d <your_domain_name>

2. Configure Splunk to Use the New Certificate

- Go to the directory where Splunk configuration is located. Usually, it can be found at C:\Program Files\Splunk\etc\system\local
- Open web.conf in a text editor
- To point to the newly generated SSL certificate and private key, update the privKeyPath and serverCert settings

[settings]
enableSplunkWebSSL = true
privKeyPath = C:\Program Files\Splunk\etc\auth\server.pem
serverCert = C:\Program Files\Splunk\etc\auth\server.pem

3. Restart Splunk

- With administrator rights, open a command prompt
- Go to the Splunk bin directory
- Use the following command to restart Splunk

Splunk restart

4. Test the New SSL Configuration

- Open a web browser and use HTTPS to access the Splunk web interface
- A green padlock icon signifying a secure connection ought should be visible. To verify that it is the new certificate with a valid expiration date, click on it to examine the certificate details

You should be able to use these procedures to for your Windows Splunk instance and make sure that it is connecting securely with the new certificates.

Re: Regenerate SSL certification on Splunk

kiran_panchavat — Tue, 13 Feb 2024 05:15:34 GMT

Steps to regenerate the SSL certificate for your Splunk instance running on Windows. Follow these instructions:

Check if the Certificate Has Expired:
#####################################

Open a command prompt or PowerShell window.

Navigate to your Splunk installation directory (usually C:\Program Files\splunk\bin).

Run the following command to check the certificate expiration date:

openssl x509 -enddate -noout -in "C:\Program Files\splunk\etc\auth\server.pem"

If the certificate has expired, proceed to the next step.

Backup the Existing Certificate:
#################################

Rename the existing certificate file (server.pem) to server.pem.back. You can do this by running:

ren "C:\Program Files\splunk\etc\auth\server.pem" server.pem.back

Restart Splunk:
###############

Restart the Splunk service to regenerate the certificate. Execute the following command:

.\splunk restart

This action will create a new server.pem file with a renewed certificate.

Verify the New Certificate:
###########################

Confirm that the new certificate has been generated successfully by checking the expiration date again:

openssl x509 -enddate -noout -in "C:\Program Files\splunk\etc\auth\server.pem"

How to create and sign your own TLS certificates - Splunk Documentation