As the Splunk Universal Forwarder installed 3 yrs ago (1,094 days) & it doesn't upgraded.
The SSL certificate used in 8089 management port will be expired & be changelled by auditors.
According to the nrpeter's comment in below URL, the server.pem (used for the SSL certification) located in /opt/splunkforwarder/etc/auth will be recreated while it's missing when Splunkd start.
As a result, except to upgrade the Splunk Universal Forwarder to latest version, we could remove the server.pem and restart the Splunk UF.
And we could use below command to check the renewed certification information. Hope this help.
/usr/bin/openssl s_client -connect localhost:8089
/usr/bin/openssl s_client -connect 127.0.0.1:8089
And the results could be checked by below online services.
Decode SSL certificate Online