Universal Forwarder hosts - How do I replace self-signed SSL cert with one from LetsEncrypt on Debian & Ubuntu?

New Member is alerting on all my splunk universal forwarder client hosts (Debian & Ubuntu)

It is seeing port 8089 on these hosts (probably the management port??) and throwing this error:

The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : C=US/ST=CA/L=San Francisco/O=Splunk/CN=SplunkCommonCA/

I dont need to encypt splunk commuications from universal forwarder to splunk server, I just want Tenable to see a signed cert on this port so it doesnt complain. Where is this file and can I replace it with my fullchain.pem from Letsencrypt that is already elsewhere on this host?



Labels (2)
Tags (3)
0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...