Solved: Re: Splunk Universal Forwarder, 8089 management po...

rossikwan · ‎03-03-2015

As the Splunk Universal Forwarder installed 3 yrs ago (1,094 days) & it doesn't upgraded.

The SSL certificate used in 8089 management port will be expired & be changelled by auditors.

According to the nrpeter's comment in below URL, the server.pem (used for the SSL certification) located in /opt/splunkforwarder/etc/auth will be recreated while it's missing when Splunkd start.

http://answers.splunk.com/answers/33308/splunk-fowarder-ssl-error-error-tcpoutputproc.html

As a result, except to upgrade the Splunk Universal Forwarder to latest version, we could remove the server.pem and restart the Splunk UF.

And we could use below command to check the renewed certification information. Hope this help.

command:
/usr/bin/openssl s_client -connect localhost:8089
OR
/usr/bin/openssl s_client -connect 127.0.0.1:8089

And the results could be checked by below online services.

Decode SSL certificate Online
https://www.trustico.com/ssltools/decode/certificate-pem/decode-certificate.php

rossikwan · ‎03-03-2015

self solved

View solution in original post

rossikwan · ‎03-03-2015

self solved

nurtdi · ‎03-31-2017

I downvoted this post because no solution - not an answer

bdavistsp · ‎10-06-2016

I downvoted this post because no solution given.

Splunk Universal Forwarder, 8089 management port SSL certificate expired

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation