https://community.splunk.com/t5/Splunk-Search/How-do-I-change-the-Common-Name-CN-SplunkServerDefaultCert-to/m-p/166301#M47363 <P>Hello Admins,</P> <P>Can you help us on how to use the self-signed certs, so that i think we could see this issue in depth,<BR /> I believe the problem occurs with the default Installation package which has the default certs, (i am not sure).</P> <P>Any help in providing the installation guide for the linux setup with certs would certainly help me to start with this..</P> <P>Thank you in advance.</P> <P>Regards,<BR /> Venu</P> Tue, 28 Apr 2015 06:40:44 GMT SandzVG 2015-04-28T06:40:44Z https://community.splunk.com/t5/Splunk-Search/How-do-I-change-the-Common-Name-CN-SplunkServerDefaultCert-to/m-p/166300#M47362 <P>Hello,</P> <P>Splunk cert shows up in our vulnerability report, </P> <P>The Subject Common Name (CN) found in the X.509 cert doesn't seem to match scan target xx.xx.xx.xx (IP)</P> <P>More details <BR /> Subject CN SplunkServerDefaultCert doesnt match the node name XX.XX.XX.XX (IP)<BR /> Subject CN SplunkServerDefaultCert doesnt match the DNS name <BR /> Subject CN SplunkServerDefaultCert could not be resolved to an IP address via DNS Lookup.</P> <P>I'm new to splunk, so requesting admins here on how I could change the CN = SplunkServerDefaultCert to the hostname?</P> <P>Any help is highly appreciated.</P> <P>Regards,<BR /> Venu</P> Mon, 27 Apr 2015 05:14:03 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-change-the-Common-Name-CN-SplunkServerDefaultCert-to/m-p/166300#M47362 SandzVG 2015-04-27T05:14:03Z https://community.splunk.com/t5/Splunk-Search/How-do-I-change-the-Common-Name-CN-SplunkServerDefaultCert-to/m-p/166301#M47363 <P>Hello Admins,</P> <P>Can you help us on how to use the self-signed certs, so that i think we could see this issue in depth,<BR /> I believe the problem occurs with the default Installation package which has the default certs, (i am not sure).</P> <P>Any help in providing the installation guide for the linux setup with certs would certainly help me to start with this..</P> <P>Thank you in advance.</P> <P>Regards,<BR /> Venu</P> Tue, 28 Apr 2015 06:40:44 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-change-the-Common-Name-CN-SplunkServerDefaultCert-to/m-p/166301#M47363 SandzVG 2015-04-28T06:40:44Z https://community.splunk.com/t5/Splunk-Search/How-do-I-change-the-Common-Name-CN-SplunkServerDefaultCert-to/m-p/166302#M47364 <P>Hello Admins,</P> <P>Could you please provide a way to raise a support case with you guys for investigation. I think this is getting no where.</P> <P>Regards,</P> Tue, 05 May 2015 05:43:35 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-change-the-Common-Name-CN-SplunkServerDefaultCert-to/m-p/166302#M47364 SandzVG 2015-05-05T05:43:35Z https://community.splunk.com/t5/Splunk-Search/How-do-I-change-the-Common-Name-CN-SplunkServerDefaultCert-to/m-p/166303#M47365 <P>Ok, then.. after parsing all the .pem files, i found this </P> <P>the </P> <PRE><CODE>C:\Program Files\SplunkUniversalForwarder\etc\auth\server.pem </CODE></PRE> <P>contains the Subject: CN=SplunkServerDefaultCert, O=SplunkUser</P> <P>Now i need to re-generate keeping intact the other certs that ship along... any ideas?</P> <P>Regards,<BR /> Venu</P> Tue, 05 May 2015 11:28:30 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-change-the-Common-Name-CN-SplunkServerDefaultCert-to/m-p/166303#M47365 SandzVG 2015-05-05T11:28:30Z https://community.splunk.com/t5/Splunk-Search/How-do-I-change-the-Common-Name-CN-SplunkServerDefaultCert-to/m-p/166304#M47366 <P>Hello Guys,</P> <P>Regenrate self-signed certs if your comp has no CA present , follow the below procedure..</P> <P>Please take a backup of <CODE>c:\Program Files\SplunkUniversalForwarder\etc\auth</CODE> Folder in Windows.<BR /> Below commands should be executed from the path <CODE>c:\Program Files\SplunkUniversalForwarder\etc\auth</CODE> <BR /> When prompted to enter the details in the CERT. during creation.</P> <P>C=US<BR /> ST=SF<BR /> L=WD<BR /> O=Splunk<BR /> OU=SPLUNK<BR /> CN=&lt;FQDN of the server&gt; # this is the critical value that has to be the hostname on which the cert is being generated,rest can be anything.<BR /> Password : changeme2<BR /> emailAddress=&lt;user&gt;@&lt;comp&gt;.com</P> <P>Generate a New CA key and Cert</P> <PRE><CODE> openssl ecparam -out ca-key.pem -genkey -name prime256v1 openssl req -x509 -new -key ca-key.pem -out ca-cert.pem </CODE></PRE> <P>Next we generate a CSR to sign the CERT/KEYs</P> <PRE><CODE> openssl ecparam -out server-key.pem -genkey -name prime256v1 -noout openssl req -new -key server-key.pem -out server-csr.pem </CODE></PRE> <P>Finally using our CSR we generate a Cert. Here we use the CA we previously generated </P> <H1>10 years</H1> <PRE><CODE> openssl x509 -req -days 3650 -in server-csr.pem -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem </CODE></PRE> <P>Convert cert and key to PEM format</P> <H1>Using Cygwin Bash Shell</H1> <PRE><CODE> cat server-cert.pem server-key.pem &amp;gt; server.pem </CODE></PRE> <P>Renamed the below certs as per the call from outputs.conf in splunk.</P> <PRE><CODE> ca-cert.pem to cacert.pem ca-key.pem to ca.key </CODE></PRE> <P>Restart the SplunkForwarder and verify the splunkd.log for any CA related errors. If no errors we are good.</P> <P>NOTE: These are self-signed certs with CN = (hostname FQDN)</P> <P>i think this is the long story short, good luck</P> <P>Regards,<BR /> Venu</P> Wed, 13 May 2015 09:11:57 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-change-the-Common-Name-CN-SplunkServerDefaultCert-to/m-p/166304#M47366 SandzVG 2015-05-13T09:11:57Z