Solved: Splunk Universal Forwarder, 8089 management port S...

rossikwan · ‎03-03-2015

As the Splunk Universal Forwarder installed 3 yrs ago (1,094 days) & it doesn't upgraded.

The SSL certificate used in 8089 management port will be expired & be changelled by auditors.

According to the nrpeter's comment in below URL, the server.pem (used for the SSL certification) located in /opt/splunkforwarder/etc/auth will be recreated while it's missing when Splunkd start.

http://answers.splunk.com/answers/33308/splunk-fowarder-ssl-error-error-tcpoutputproc.html

As a result, except to upgrade the Splunk Universal Forwarder to latest version, we could remove the server.pem and restart the Splunk UF.

And we could use below command to check the renewed certification information. Hope this help.

command:
/usr/bin/openssl s_client -connect localhost:8089
OR
/usr/bin/openssl s_client -connect 127.0.0.1:8089

And the results could be checked by below online services.

Decode SSL certificate Online
https://www.trustico.com/ssltools/decode/certificate-pem/decode-certificate.php

rossikwan · ‎03-03-2015

self solved

View solution in original post

rossikwan · ‎03-03-2015

self solved

nurtdi · ‎03-31-2017

I downvoted this post because no solution - not an answer

bdavistsp · ‎10-06-2016

I downvoted this post because no solution given.

Splunk Universal Forwarder, 8089 management port SSL certificate expired

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation