As the Splunk Universal Forwarder installed 3 yrs ago (1,094 days) & it doesn't upgraded.
The SSL certificate used in 8089 management port will be expired & be changelled by auditors.
According to the nrpeter's comment in below URL, the server.pem (used for the SSL certification) located in /opt/splunkforwarder/etc/auth will be recreated while it's missing when Splunkd start.
http://answers.splunk.com/answers/33308/splunk-fowarder-ssl-error-error-tcpoutputproc.html
As a result, except to upgrade the Splunk Universal Forwarder to latest version, we could remove the server.pem and restart the Splunk UF.
And we could use below command to check the renewed certification information. Hope this help.
command:
/usr/bin/openssl s_client -connect localhost:8089
OR
/usr/bin/openssl s_client -connect 127.0.0.1:8089
And the results could be checked by below online services.
Decode SSL certificate Online
https://www.trustico.com/ssltools/decode/certificate-pem/decode-certificate.php
self solved
self solved
I downvoted this post because no solution - not an answer
I downvoted this post because no solution given.