Security
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do you renew webserver certificate for Splunk systems?

rsantoso_splunk
Splunk Employee
Splunk Employee
‎12-09-2018 03:02 PM

Each server has a webserver certificate issued to their name.
These certificates are expiring soon. We need to
1. Review whether they are still in use.
2. Renew them if necessary.

0 Karma
Reply
1 Solution
Solved! Jump to solution

thambisetty
SplunkTrust
SplunkTrust
‎11-11-2023 07:09 AM

#Move files for temporary backup. you can delete temporary backup files after veriying cert is renewed. 

#To renew default splunk web cert

 

mv $SPLUNK_HOME/etc/auth/splunkweb/cert.pem $SPLUNK_HOME/etc/auth/splunkweb/cert.pem.bk
mv $SPLUNK_HOME/etc/auth/splunkweb/privkey.pem $SPLUNK_HOME/etc/auth/splunkweb/privkey.pem.bk

 

#If the cert was generated at the time of Splunk installation, splunkd cert might have been also due to expiry. you must renew this certificate if your Splunk enterprise is running KVStore. 

#To renew splunkd port ( 8089)

 

mv $SPLUNK_HOME/etc/auth/server.pem mv $SPLUNK_HOME/etc/auth/server.pem_bk

 

restart splunk. 

————————————
If this helps, give a like below.
0 Karma
Reply
Solved! Jump to solution

rsantoso_splunk
Splunk Employee
Splunk Employee
‎12-11-2018 07:53 PM

For the Splunk Web certificate, you can renew this from the Splunk server itself or if you prefer third party generated certificate you can put the certificate and private key in the Splunk directory /opt/splunk/etc/auth/splunkweb/.
Under this directory you'll find privkey.pem and cert.pem.

This configuration is defined in the /opt/splunk/etc/system/default/web.conf by default under the variableprivKeyPath and serverCert.

To renew the Certificate generated from the Splunk server:

Backup the current certificate. I use the "copy" command here instead of "mv" since you're using windows OS.

cd $SPLUNK_HOME/etc/auth/splunkweb

copy cert.pem old.cert.pem

copy privkey.pem old.privkey.pem

del cert.pem

del privkey.pem

Generate the certificate

/opt/splunk/bin/splunk createssl web-cert 3072

Restart the Splunk

/opt/splunk/bin/splunk restart

If you choose to renew from third party:

Same as the above, perform backup.

You generated the certificate and private key from third party.
And put the privkey.pem and cert.pem under /opt/splunk/etc/auth/splunkweb/

Restart the Splunk

/opt/splunk/bin/splunk restart

Once the splunk restarted you will have a new certificate for your splunk Web with the new expiry date.

Reply
Solved! Jump to solution

splunkreal
Motivator
‎01-05-2022 10:21 AM

I don't think splunk createssl web-cert 3072 is necessary, splunk would regenerate them when restarting

* If this helps, please upvote or accept solution if it solved *
0 Karma
Reply
Solved! Jump to solution
Solution

dkeck
Influencer
‎12-09-2018 10:59 PM

All you need is right here 🙂

https://docs.splunk.com/Documentation/Splunk/7.2.1/Security/AboutsecuringauthenticationtoSplunkWeb

0 Karma
Reply
Get Updates on the Splunk Community!

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Last month, I met with a Senior Fraud Analyst at a nationally recognized bank to discuss their recent success ...

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

What has been announced?  In the blog, “Preparing your Splunk Environment for OpensSSL3,”we announced the ...

New This Month in Splunk Observability Cloud - Synthetic Monitoring updates, UI ...

This month, we’re delivering several platform, infrastructure, application and digital experience monitoring ...
Top