Solved: Splunk Universal Forwarder, 8089 management port S...

rossikwan · ‎03-03-2015

As the Splunk Universal Forwarder installed 3 yrs ago (1,094 days) & it doesn't upgraded.

The SSL certificate used in 8089 management port will be expired & be changelled by auditors.

According to the nrpeter's comment in below URL, the server.pem (used for the SSL certification) located in /opt/splunkforwarder/etc/auth will be recreated while it's missing when Splunkd start.

http://answers.splunk.com/answers/33308/splunk-fowarder-ssl-error-error-tcpoutputproc.html

As a result, except to upgrade the Splunk Universal Forwarder to latest version, we could remove the server.pem and restart the Splunk UF.

And we could use below command to check the renewed certification information. Hope this help.

command:
/usr/bin/openssl s_client -connect localhost:8089
OR
/usr/bin/openssl s_client -connect 127.0.0.1:8089

And the results could be checked by below online services.

Decode SSL certificate Online
https://www.trustico.com/ssltools/decode/certificate-pem/decode-certificate.php

rossikwan · ‎03-03-2015

self solved

View solution in original post

rossikwan · ‎03-03-2015

self solved

View solution in original post

nurtdi · ‎03-31-2017

I downvoted this post because no solution - not an answer

bdavistsp · ‎10-06-2016

I downvoted this post because no solution given.

Splunk Universal Forwarder, 8089 management port SSL certificate expired

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >

Splunk Universal Forwarder, 8089 management port SSL certificate expired

Free LIVE events worldwide 2/8-2/12Connect, learn, and collect rad prizes and swag!Sign up now >

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >