Universal Forwarder hosts - How do I replace self-...

Installation

Tenable.io is alerting on all my splunk universal forwarder client hosts (Debian & Ubuntu)

It is seeing port 8089 on these hosts (probably the management port??) and throwing this error:

The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : C=US/ST=CA/L=San Francisco/O=Splunk/CN=SplunkCommonCA/E=support@splunk.com

I dont need to encypt splunk commuications from universal forwarder to splunk server, I just want Tenable to see a signed cert on this port so it doesnt complain. Where is this file and can I replace it with my fullchain.pem from Letsencrypt that is already elsewhere on this host?

thanks,

Matt

Get Updates on the Splunk Community!

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...