Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why didn't upgrade from Splunk Enterprise 6.2.x to 6.3.x also upgrade the expiration dates on my default SSL certs?

weeb
Splunk Employee
Splunk Employee
‎05-19-2016 11:40 AM

I upgraded my instances as per https://answers.splunk.com/answers/395886/for-splunk-enterprise-splunk-light-and-hunk-pre-63.html#an... , however, my default SSL certs ca.pem and cacert.pem are still showing the older expiration dates. What am I doing wrong?

Labels (1)
Labels
Reply
1 Solution
Solved! Jump to solution
Solution

weeb
Splunk Employee
Splunk Employee
‎05-19-2016 11:44 AM

For upgrades from an earlier version to 6.3.x, please remove existing copies of ca.pem and cacert.pem before upgrade.

Steps for Linux:

  1. Stop Splunk
  2. Remove $SPLUNK_HOME/etc/auth/ca.pem
  3. Remove $SPLUNK_HOME/etc/auth/cacert.pem
  4. Upgrade procedure as usual (untar tarball over Splunk home directory)
  5. Start Splunk (this will generate a new ca.pem and cacert.pem files)

Hope this helped anyone wondering why their upgrade did not work to change the expiration dates on their default certs.

Just in Case: If the customer generated certs and gave them the names used by Splunk (ca.pem, cacert.pem), this answer does not apply. This answer only applies to default certs provided out of the box by Splunk.

View solution in original post

Reply
Solved! Jump to solution
Solution

weeb
Splunk Employee
Splunk Employee
‎05-19-2016 11:44 AM

For upgrades from an earlier version to 6.3.x, please remove existing copies of ca.pem and cacert.pem before upgrade.

Steps for Linux:

  1. Stop Splunk
  2. Remove $SPLUNK_HOME/etc/auth/ca.pem
  3. Remove $SPLUNK_HOME/etc/auth/cacert.pem
  4. Upgrade procedure as usual (untar tarball over Splunk home directory)
  5. Start Splunk (this will generate a new ca.pem and cacert.pem files)

Hope this helped anyone wondering why their upgrade did not work to change the expiration dates on their default certs.

Just in Case: If the customer generated certs and gave them the names used by Splunk (ca.pem, cacert.pem), this answer does not apply. This answer only applies to default certs provided out of the box by Splunk.

Reply
Solved! Jump to solution

splunkreal
Motivator
‎04-16-2023 12:07 PM

Hello,

Thanks for these information.

Does upgrading Splunk 8 to Splunk 9 renews default Root CA like cacert.pem or should we use your procedure and delete them before upgrading? I think we can do this even after.

Kvstore could use Splunk default certificates (on instances not using third party certificates)

Best regards.

* If this helps, please upvote or accept solution 🙂 *
0 Karma
Reply
Solved! Jump to solution

christeraustad
Explorer
‎07-22-2016 03:47 AM

But if you have already upgraded to 6.3. How do I regenerate new certificates with new dates?

0 Karma
Reply
Solved! Jump to solution

cyndiback
Path Finder
‎07-12-2016 12:04 PM

Is this needed for upgrades to version 6.4.x?

0 Karma
Reply
Solved! Jump to solution

jodros
Builder
‎07-06-2016 12:41 PM

Is this necessary for universal forwarders installed on WinOS?

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...