Hello guys,
is there documentation somewhere explaining roles of default certificates, especially cacert.pem/ca.pem :
cacert.pem : SplunkCommonCA
ca.pem : SplunkCommonCA with private key (no pwd)
server.pem : server certificate, can be renewed by deleting + restart splunkd
Thanks 🙂
Hi @splunkreal
here
nothing about ca.pem
https://docs.splunk.com/Documentation/Splunk/8.2.0/Security/Aboutdefaultcertificateauthentication
https://wiki.splunk.com/Community:Splunk2Splunk_SSL_3rdPartyCA
Not clear, it seems cacert.pem is for management port and ca.pem for web, of course server.pem for the server certificate.
https://community.splunk.com/t5/Security/cacert-pem-Why-does-Splunk-need-it-to-start/m-p/246234