https://community.splunk.com/t5/Getting-Data-In/For-Splunk-Enterprise-pre-6-3-default-root-certificates-expire/m-p/254121#M48765 <P>Does the default root certificate expiration on July 21, 2016 affect the "universal forwarders" ? <BR /> What is the expiration date of the new root certificate that we are asked to replace the July 21 expiring one with? </P> Thu, 19 May 2016 04:14:58 GMT opmlh0 2016-05-19T04:14:58Z https://community.splunk.com/t5/Getting-Data-In/For-Splunk-Enterprise-pre-6-3-default-root-certificates-expire/m-p/254121#M48765 <P>Does the default root certificate expiration on July 21, 2016 affect the "universal forwarders" ? <BR /> What is the expiration date of the new root certificate that we are asked to replace the July 21 expiring one with? </P> Thu, 19 May 2016 04:14:58 GMT https://community.splunk.com/t5/Getting-Data-In/For-Splunk-Enterprise-pre-6-3-default-root-certificates-expire/m-p/254121#M48765 opmlh0 2016-05-19T04:14:58Z https://community.splunk.com/t5/Getting-Data-In/For-Splunk-Enterprise-pre-6-3-default-root-certificates-expire/m-p/254122#M48766 <P>The certificate expiration will only affect universal forwarders if you have enabled encrypted connections between the forwarders and the indexers</P> <P>For more information and specifically on the forwarder question, see point 4 in the answer here:<BR /> <A href="https://answers.splunk.com/answers/395886/for-splunk-enterprise-splunk-light-and-hunk-pre-63.html">https://answers.splunk.com/answers/395886/for-splunk-enterprise-splunk-light-and-hunk-pre-63.html</A></P> Thu, 19 May 2016 08:59:15 GMT https://community.splunk.com/t5/Getting-Data-In/For-Splunk-Enterprise-pre-6-3-default-root-certificates-expire/m-p/254122#M48766 bgraabek_splunk 2016-05-19T08:59:15Z https://community.splunk.com/t5/Getting-Data-In/For-Splunk-Enterprise-pre-6-3-default-root-certificates-expire/m-p/254123#M48767 <P>How do i confirm that my forwarder not connecting to indexers using encrypted?</P> <PRE><CODE>07-14-2016 08:53:08.462 -0400 INFO TcpOutputProc - Connected to idx=xx.xx.xxx.xx:9997 using ACK. </CODE></PRE> <P>Thats the logs shows</P> Thu, 14 Jul 2016 12:55:16 GMT https://community.splunk.com/t5/Getting-Data-In/For-Splunk-Enterprise-pre-6-3-default-root-certificates-expire/m-p/254123#M48767 sim_tcr 2016-07-14T12:55:16Z https://community.splunk.com/t5/Getting-Data-In/For-Splunk-Enterprise-pre-6-3-default-root-certificates-expire/m-p/254124#M48768 <P>The ACK has to do with the <A href="http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Protectagainstlossofin-flightdata">acknowledgement setting</A> of forwarding.</P> <P>If your indexer is set up with splunktcp-ssl inputs then it should be receiving SSL (encrypted) over that port. If there are ports in the inputs for TCP (without ssl) then see what is connecting to that port in the logs to find non SSL connections.</P> Thu, 14 Jul 2016 13:46:25 GMT https://community.splunk.com/t5/Getting-Data-In/For-Splunk-Enterprise-pre-6-3-default-root-certificates-expire/m-p/254124#M48768 sloshburch 2016-07-14T13:46:25Z https://community.splunk.com/t5/Getting-Data-In/For-Splunk-Enterprise-pre-6-3-default-root-certificates-expire/m-p/254125#M48769 <P>Hello, is it possible that Splunkforwarder still works if the cacert.pem on the indexer is expired and from different certificate authority? We have sslVerifyServerCert = false set on the fwd.</P> <P>Thanks.</P> Thu, 08 Sep 2016 15:45:39 GMT https://community.splunk.com/t5/Getting-Data-In/For-Splunk-Enterprise-pre-6-3-default-root-certificates-expire/m-p/254125#M48769 splunkreal 2016-09-08T15:45:39Z