Splunk server certificates are expired

Ruchi
Explorer

Hi ,

I am new to Splunk administration and am getting KV store errors. After checking mongod.log, I found that the SSL and server certificates are expired.

We have a clustered environment:

SHC -sh1 and sh2

IDXC -sh1 acting as idx1, idx2, idx3

Stand alone acting as DS and LM

One Cluster Master and one HF.

We are using Splunk version 6.3 and I am not sure if SSL communication is enabled between the Splunk servers or not.

Could you please help me with the below:

1) How to check if SSL communication is enabled between Splunk servers

2) How to check if the existing certificates are default, self-signed or third-party generated

3) How to renew server certificates on each Splunk instance, to fix the KV store errors

Many thanks!! 

impurush
Contributor

Follow this answer to find out how to renew the SSL certificate.

https://community.splunk.com/t5/Security/How-do-I-renew-an-expired-Splunk-Certificate/m-p/389701

0 Karma

Ruchi
Explorer

Thank you @impurush. Another doubt now: is this process applicable irrespective of the type of certificate (self-signed or third-party generated)?

0 Karma

impurush
Contributor

Hi @Ruchi, in the case of third-party certificates, it will be the same except for the renewal part. You need to renew the certificate with your employer or with whichever third party you got the certificate from.

0 Karma

Ruchi
Explorer

Is there any way to identify whether it is self-signed or third-party generated? This environment was built long ago and there is no documentation to refer to.

0 Karma

impurush
Contributor

You can run the below command under the /etc/auth folder or where your certificate is placed.

openssl x509 -in server.pem -text -noout|grep -i CN

With this information, you can find out whether the certificate is the Splunk default certificate or a third-party certificate.

Splunk uses the Splunk self-signed certificate for SSL communication by default.
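
Added example, not part of the original answer: the check above extended to compare subject against issuer and to test expiry with `openssl x509 -checkend`. The function names, the `sh1.example.test` host name and the throwaway demo certificates are assumptions made for this example; the `SplunkServerDefaultCert` CN is the value reported later in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): classify a server certificate and check expiry.
DEFAULT_CN="SplunkServerDefaultCert"   # CN the thread reports for the default cert

# dn FILE FIELD -> subject or issuer as an RFC 2253 string
dn() {
    openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 | sed -e "s/^$2= *//"
}

# cert_origin FILE -> splunk-default | self-signed | ca-issued
cert_origin() {
    openssl x509 -in "$1" -noout 2>/dev/null || return 2   # unreadable or not a cert
    subj=$(dn "$1" subject)
    iss=$(dn "$1" issuer)
    case "$subj" in
        "CN=$DEFAULT_CN"|"CN=$DEFAULT_CN",*|*",CN=$DEFAULT_CN"|*",CN=$DEFAULT_CN",*)
            echo splunk-default ;;
        *)  # subject equal to issuer: the certificate names itself as its own issuer
            if [ "$subj" = "$iss" ]; then echo self-signed; else echo ca-issued; fi ;;
    esac
}

# cert_expiry FILE [WINDOW_SECONDS] -> ok | expiring (expired, or expires within the window)
cert_expiry() {
    if openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1; then
        echo ok
    else
        echo expiring
    fi
}

# make_demo_cert CN OUT -> constructed throwaway self-signed cert, valid for 1 day
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$2.key" -out "$2" \
        -days 1 -subj "/CN=$1" 2>/dev/null
}

tmp=$(mktemp -d)
make_demo_cert "$DEFAULT_CN" "$tmp/default.pem"
make_demo_cert "sh1.example.test" "$tmp/own.pem"
for f in "$tmp"/*.pem; do
    # 2592000 s = 30 days: both 1-day demo certs are reported as expiring
    echo "$(basename "$f"): $(cert_origin "$f"), $(cert_expiry "$f" 2592000)"
done
```

On a real instance, call `cert_origin` and `cert_expiry` on the `server.pem` inspected above instead of the demo files.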

Ruchi
Explorer

Thank you so much @impurush

I could see that the CN is SplunkServerDefaultCert. 

0 Karma

impurush
Contributor

Hi @Ruchi, happy to help. Could you please accept the answer, so that this thread can be marked as closed? Thanks

0 Karma