How do I renew a Splunk forwarder's default certificate?

Path Finder

Hello Splunkers,

My forwarders are running on the default certificates that came with the Splunk forwarder installation. But they are going to expire now and I want to use only the default ones.

So guys, please help me figure out how I can renew them for another three years.

Thanks
Manish Kumar

0 Karma

Re: How do I renew a Splunk forwarder's default certificate?

Splunk Employee

Usually they are updated when you upgrade. Is that an option for you? These must be old UFs?

If not, I would look at downloading the latest version of Splunk and use the certs that come with it, or I believe you can just use openssl to create a new one with a longer expiry ( https://answers.splunk.com/answers/596538/renewing-serverpem-certificate.html ).

The right thing to do would be to swap them out completely for your own. That would make your security team happy! 🙂

http://docs.splunk.com/Documentation/Splunk/7.2.1/Security/AboutsecuringyourSplunkconfigurationwithS...


Re: How do I renew a Splunk forwarder's default certificate?

Try this bro:
The best way to fix the issue is:
1. Run the command: $SPLUNK_HOME\bin\openssl x509 -enddate -noout -in $SPLUNK_HOME/etc/auth/server.pem
2. Check the expiry date in the output; if it has expired, do the steps below:
3. Go to $SPLUNK_HOME\etc\auth\
4. Rename server.pem to server.pem_backup
5. Restart Splunk using the command ./splunk restart
6. After the restart you will be able to see a new server.pem file.
7. Check the expiry date of the certificate now using the command: $SPLUNK_HOME\bin\openssl x509 -enddate -noout -in $SPLUNK_HOME/etc/auth/server.pem
8. The expiry date will be extended.
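
The expiry check and rename from steps 1 to 4 above, as an added example that is not part of the original post and not Splunk's own tooling. The function names, the 30-day warning window and the /opt/splunkforwarder fallback path are assumptions; the restart in step 5 is left to the operator.

```shell
#!/bin/sh
# Added example; function names and default paths are assumptions.

# Use the openssl bundled with Splunk, as the steps do; otherwise the one on PATH.
# /opt/splunkforwarder is an assumed install location used when SPLUNK_HOME is unset.
OSSL="${SPLUNK_HOME:-/opt/splunkforwarder}/bin/openssl"
[ -x "$OSSL" ] || OSSL=openssl

# cert_status PEM [WARN_DAYS]
# Prints ok | expiring | expired | unreadable; returns 0, 1, 2 or 3 respectively.
cert_status() {
    pem=$1
    warn_days=${2:-30}
    if ! "$OSSL" x509 -noout -in "$pem" >/dev/null 2>&1; then
        echo unreadable; return 3
    fi
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! "$OSSL" x509 -noout -checkend 0 -in "$pem" >/dev/null 2>&1; then
        echo expired; return 2
    fi
    if ! "$OSSL" x509 -noout -checkend $((warn_days * 86400)) -in "$pem" >/dev/null 2>&1; then
        echo expiring; return 1
    fi
    echo ok
}

# set_aside_if_expired PEM
# Steps 3-4 above, applied only when the certificate has actually expired.
# Moves PEM to PEM_backup and never overwrites an earlier backup.
set_aside_if_expired() {
    pem=$1
    status=$(cert_status "$pem") || true
    if [ "$status" != expired ]; then
        echo "$pem: $status, left in place"
        return 0
    fi
    if [ -e "${pem}_backup" ]; then
        echo "$pem: ${pem}_backup already exists, not overwriting" >&2
        return 1
    fi
    mv "$pem" "${pem}_backup" && echo "$pem: moved to ${pem}_backup, restart Splunk to regenerate"
}
```

Running `cert_status "$SPLUNK_HOME/etc/auth/server.pem" 60` from a scheduled job gives warning before the certificate lapses, so the rename and restart can be planned rather than done after forwarders stop connecting.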