Hi ,
I am new to Splunk administation and getting KV store errors. After checking mongod.log, found that the SSL and server certificates are expired.
We have a clustered environment :
SHC -sh1 and sh2
IDXC -sh1 acting as idx1, idx2, idx3
Stand alone acting as DS and LM
One Cluster Master and one HF.
We using Solunk 6.3 version and I not sure if ssl communication is enabled between splunk servers or not.
Could you please help me with the below:
1) How to check if ssl communication is enabled between splunk servers
2) how to check if the existing certificates are default or self signed or third party generated
3) How to renew server certificates on each splunk instance, to fix the kv store errors
Many thanks!!
Follow this answer to find out the renewal of the SSL certificate.
https://community.splunk.com/t5/Security/How-do-I-renew-an-expired-Splunk-Certificate/m-p/389701
Follow this answer to find out the renewal of the SSL certificate.
https://community.splunk.com/t5/Security/How-do-I-renew-an-expired-Splunk-Certificate/m-p/389701
Thank you @impurush . Another doubt now, is this process applicable irrespective of type of certificate (self signed or third party generated)?
Hi @Ruchi, in the case of third-party certificates, it will be the same except for the renewal part. You need to renew the certificate with your employer or from which third-party certificate you got.
Is there anyway to identify it is self signed or third party generated? This environment was built long back and there is no document to refer.
You can run the below command under the /etc/auth folder or where your certificate is placed.
openssl x509 -in server.pem -text -noout|grep -i CN
With the information, you can find out the certificate is Splunk default certificate or third party certificate.
Splunk uses the Splunk self signed certificate for the SSL communication by default.
Thank you so much @impurush
I could see that the CN is SplunkServerDefaultCert.
Hi @Ruchi, Happy to help. Could you please accept the answer, so that this thread can be marked as closed. Thanks