Security

How do I renew an expired Splunk Certificate?

khusain_splunk
Splunk Employee
Splunk Employee

We have a distributed Splunk environment and the certificate for Splunk API in port tcp/8089 on the search head has expired.

How do I renew the Splunk Certificates?

0 Karma
1 Solution

khusain_splunk
Splunk Employee
Splunk Employee

First check if really Certs expired:

Windows:

C:\Program Files\splunk\bin> openssl x509 -enddate -noout -in "C:\Program Files\splunk\etc\auth\server.pem

Linux:
openssl x509 -enddate -noout -in /opt/splunk/etc/auth/server.pem

If it has been expired then rename /opt/splunk/etc/auth/server.pem to server.pem.back and restart splunkd.

./splunk restart

This will regenerate the server.pem file and renewed the certs.

View solution in original post

harsmarvania57
SplunkTrust
SplunkTrust
0 Karma

khusain_splunk
Splunk Employee
Splunk Employee

First check if really Certs expired:

Windows:

C:\Program Files\splunk\bin> openssl x509 -enddate -noout -in "C:\Program Files\splunk\etc\auth\server.pem

Linux:
openssl x509 -enddate -noout -in /opt/splunk/etc/auth/server.pem

If it has been expired then rename /opt/splunk/etc/auth/server.pem to server.pem.back and restart splunkd.

./splunk restart

This will regenerate the server.pem file and renewed the certs.

View solution in original post


Tune In & Win!

Don't miss out on your
chance to take home free
prizes by helping our players
save the Splunk Cloudom!

Dungeons & Data
Monsters: Splunk O11y
Day Editions Games
stream live:
5/4 at 6:30pm PST
5/5 at 7:00pm PST
on