Each server has a webserver certificate issued to their name.
These certificates are expiring soon. We need to
1. Review whether they are still in use.
2. Renew them if necessary.
Just deleting the cacert.pem and privkey.pem and restarting the Splunk service will create a new cert.
For the Splunk Web certificate, you can renew this from the Splunk server itself or, if you prefer a third-party generated certificate, you can put the certificate and private key in the Splunk directory /opt/splunk/etc/auth/splunkweb/.
Under this directory you'll find privkey.pem and cert.pem.
This configuration is defined in /opt/splunk/etc/system/default/web.conf by default, under the variables privKeyPath and serverCert.
To renew the Certificate generated from the Splunk server:
Back up the current certificate. I use the "copy" command here instead of "mv" since you're using Windows OS.
Generate the certificate
Restart the Splunk
If you choose to renew from a third party:
Same as the above, perform a backup.
You generated the certificate and private key from a third party.
And put the privkey.pem and cert.pem under /opt/splunk/etc/auth/splunkweb/
Restart the Splunk
/opt/splunk/bin/splunk restart
Once Splunk has restarted, you will have a new certificate for your Splunk Web with the new expiry date.
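An added example, not part of the posts in this thread and not Splunk's own tooling: a shell check, using the openssl CLI, of whether cert.pem in the Splunk Web directory is close to expiry and whether privkey.pem actually belongs to it, which is worth confirming before restarting with a third-party pair. The function names and the 30-day default are assumptions.

```bash
#!/usr/bin/env bash
# Added example: checks on a Splunk Web cert.pem/privkey.pem pair before a restart.
# Function names and the 30-day default are assumptions for illustration.

# 0 = expires within DAYS days, 1 = still valid after that, 2 = not a readable certificate.
cert_expires_within() {
    local cert=$1 days=$2
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 2
    # -checkend exits 0 when the certificate is still valid after the given seconds
    if openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# 0 = key and certificate carry the same public key, 1 = mismatch, 2 = unreadable input.
# The empty -passin avoids a passphrase prompt; an encrypted key is reported as unreadable.
key_matches_cert() {
    local key=$1 cert=$2 from_key from_cert
    from_key=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 2
    from_cert=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    [ "$from_key" = "$from_cert" ]
}

# Check DIR/cert.pem and DIR/privkey.pem; print findings, return 1 on any problem.
check_splunkweb_dir() {
    local dir=$1 days=${2:-30} st=0 rc=0
    cert_expires_within "$dir/cert.pem" "$days" || st=$?
    case $st in
        0) echo "WARN: $dir/cert.pem expires within $days days"; rc=1 ;;
        1) echo "OK: $dir/cert.pem is valid for more than $days days" ;;
        *) echo "ERROR: $dir/cert.pem is not a readable certificate"; rc=1 ;;
    esac
    if key_matches_cert "$dir/privkey.pem" "$dir/cert.pem"; then
        echo "OK: privkey.pem matches cert.pem"
    else
        echo "ERROR: privkey.pem does not match cert.pem (or is unreadable)"; rc=1
    fi
    openssl x509 -in "$dir/cert.pem" -noout -subject -enddate 2>/dev/null || true
    return "$rc"
}

# Usage: pass the directory, e.g. /opt/splunk/etc/auth/splunkweb, and optionally DAYS.
if [ "$#" -ge 1 ]; then check_splunkweb_dir "$@"; fi
```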
I don't think splunk createssl web-cert 3072 is necessary; Splunk would regenerate them when restarting.
All you need is right here 🙂
https://docs.splunk.com/Documentation/Splunk/7.2.1/Security/AboutsecuringauthenticationtoSplunkWeb