Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do you renew webserver certificate for Splunk systems?

rsantoso_splunk
Splunk Employee
Splunk Employee
‎12-09-2018 03:02 PM

Each server has a webserver certificate issued to their name.
These certificates are expiring soon. We need to
1. Review whether they are still in use.
2. Renew them if necessary.

0 Karma
Reply
1 Solution
Solved! Jump to solution

thambisetty
SplunkTrust
SplunkTrust
‎11-11-2023 07:09 AM

#Move files for temporary backup. you can delete temporary backup files after veriying cert is renewed. 

#To renew default splunk web cert

 

mv $SPLUNK_HOME/etc/auth/splunkweb/cert.pem $SPLUNK_HOME/etc/auth/splunkweb/cert.pem.bk
mv $SPLUNK_HOME/etc/auth/splunkweb/privkey.pem $SPLUNK_HOME/etc/auth/splunkweb/privkey.pem.bk

 

#If the cert was generated at the time of Splunk installation, splunkd cert might have been also due to expiry. you must renew this certificate if your Splunk enterprise is running KVStore. 

#To renew splunkd port ( 8089)

 

mv $SPLUNK_HOME/etc/auth/server.pem mv $SPLUNK_HOME/etc/auth/server.pem_bk

 

restart splunk. 

————————————
If this helps, give a like below.
0 Karma
Reply
Solved! Jump to solution

rsantoso_splunk
Splunk Employee
Splunk Employee
‎12-11-2018 07:53 PM

For the Splunk Web certificate, you can renew this from the Splunk server itself or if you prefer third party generated certificate you can put the certificate and private key in the Splunk directory /opt/splunk/etc/auth/splunkweb/.
Under this directory you'll find privkey.pem and cert.pem.

This configuration is defined in the /opt/splunk/etc/system/default/web.conf by default under the variableprivKeyPath and serverCert.

To renew the Certificate generated from the Splunk server:

Backup the current certificate. I use the "copy" command here instead of "mv" since you're using windows OS.

cd $SPLUNK_HOME/etc/auth/splunkweb

copy cert.pem old.cert.pem

copy privkey.pem old.privkey.pem

del cert.pem

del privkey.pem

Generate the certificate

/opt/splunk/bin/splunk createssl web-cert 3072

Restart the Splunk

/opt/splunk/bin/splunk restart

If you choose to renew from third party:

Same as the above, perform backup.

You generated the certificate and private key from third party.
And put the privkey.pem and cert.pem under /opt/splunk/etc/auth/splunkweb/

Restart the Splunk

/opt/splunk/bin/splunk restart

Once the splunk restarted you will have a new certificate for your splunk Web with the new expiry date.

Reply
Solved! Jump to solution

splunkreal
Motivator
‎01-05-2022 10:21 AM

I don't think splunk createssl web-cert 3072 is necessary, splunk would regenerate them when restarting

* If this helps, please upvote or accept solution if it solved *
0 Karma
Reply
Solved! Jump to solution
Solution

dkeck
Influencer
‎12-09-2018 10:59 PM

All you need is right here 🙂

https://docs.splunk.com/Documentation/Splunk/7.2.1/Security/AboutsecuringauthenticationtoSplunkWeb

0 Karma
Reply
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...