- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
![Splunk Employee Splunk Employee](/html/@F88B7774A2BF2E9108D79A067A92A581/rank_icons/employee-16.png)
We have a distributed Splunk environment and the certificate for Splunk API in port tcp/8089 on the search head has expired.
How do I renew the Splunk Certificates?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
![Splunk Employee Splunk Employee](/html/@F88B7774A2BF2E9108D79A067A92A581/rank_icons/employee-16.png)
First check if really Certs expired:
Windows:
C:\Program Files\splunk\bin> openssl x509 -enddate -noout -in "C:\Program Files\splunk\etc\auth\server.pem
Linux:
openssl x509 -enddate -noout -in /opt/splunk/etc/auth/server.pem
If it has been expired then rename /opt/splunk/etc/auth/server.pem to server.pem.back and restart splunkd.
./splunk restart
This will regenerate the server.pem file and renewed the certs.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Howdy! Quick follow-up on this. My apologies, still learning here. This is the first expiration since we stood up our environment.
In a distributed environment, do I do this on all my Splunk instances individually or can I do this on the deployment server and it pushes it out?
Thank you in advance! 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
![harsmarvania57 harsmarvania57](https://community.splunk.com/legacyfs/online/avatars/290085.jpg)
Hi,
Please have a look at https://answers.splunk.com/answers/596538/renewing-serverpem-certificate.html#answer-597460
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
![Splunk Employee Splunk Employee](/html/@F88B7774A2BF2E9108D79A067A92A581/rank_icons/employee-16.png)
First check if really Certs expired:
Windows:
C:\Program Files\splunk\bin> openssl x509 -enddate -noout -in "C:\Program Files\splunk\etc\auth\server.pem
Linux:
openssl x509 -enddate -noout -in /opt/splunk/etc/auth/server.pem
If it has been expired then rename /opt/splunk/etc/auth/server.pem to server.pem.back and restart splunkd.
./splunk restart
This will regenerate the server.pem file and renewed the certs.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
![Splunk Employee Splunk Employee](/html/@F88B7774A2BF2E9108D79A067A92A581/rank_icons/employee-16.png)
If your splunk server.pem expired, then your mongo/kvstore cert copy probably expired too.
Check in $SPLUNK_HOME/var/lib/splunk/kvstore/mongo/splunk.key
if needed, you can move it aside, and restart splunk. A new one will be created based on the splunkd one.
see https://answers.splunk.com/answers/699766/can-you-help-me-with-the-following-mongod-kvstore.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This should be documented 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Does anyone know if there are any options to obtain certs for more than one year?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This generates for 3 years normally.
![](/skins/images/396DDBEEAC295EB5FEC41FF128E8AC0A/responsive_peak/images/icon_anonymous_message.png)