We have a distributed Splunk environment and the certificate for Splunk API in port tcp/8089 on the search head has expired.
How do I renew the Splunk Certificates?
First check if really Certs expired:
C:\Program Files\splunk\bin> openssl x509 -enddate -noout -in "C:\Program Files\splunk\etc\auth\server.pem
openssl x509 -enddate -noout -in /opt/splunk/etc/auth/server.pem
If it has been expired then rename /opt/splunk/etc/auth/server.pem to server.pem.back and restart splunkd.
This will regenerate the server.pem file and renewed the certs.
View solution in original post
Please have a look at https://answers.splunk.com/answers/596538/renewing-serverpem-certificate.html#answer-597460