I would like to confirm that Splunk will continue to function like when it does with the appropriate SSL certs when:
a) The CA "disappears"
b) An unknown CA owns the cert
c) There is an expired CA
Thanks,
Tjabbe
From the recent product advisory.
Product Advisory: Default root certificates for release 6.2 and prior versions of Splunk Enterprise, Splunk Light and Hunk will expire on July 21, 2016.
Failure to replace the expiring default certificates prior to July 21, 2016 will result in the immediate cessation of network traffic for any connection which uses them.
So I believe the answer to your question is no.