Security

How do you renew webserver certificate for Splunk systems?

Splunk Employee
Splunk Employee

Each server has a webserver certificate issued to their name.
These certificates are expiring soon. We need to
1. Review whether they are still in use.
2. Renew them if necessary.

0 Karma
1 Solution

Influencer
0 Karma

Splunk Employee
Splunk Employee

For the Splunk Web certificate, you can renew this from the Splunk server itself or if you prefer third party generated certificate you can put the certificate and private key in the Splunk directory /opt/splunk/etc/auth/splunkweb/.
Under this directory you'll find privkey.pem and cert.pem.

This configuration is defined in the /opt/splunk/etc/system/default/web.conf by default under the variableprivKeyPath and serverCert.

To renew the Certificate generated from the Splunk server:

Backup the current certificate. I use the "copy" command here instead of "mv" since you're using windows OS.

cd $SPLUNK_HOME/etc/auth/splunkweb

copy cert.pem old.cert.pem

copy privkey.pem old.privkey.pem

del cert.pem

del privkey.pem

Generate the certificate

/opt/splunk/bin/splunk createssl web-cert 3072

Restart the Splunk

/opt/splunk/bin/splunk restart

If you choose to renew from third party:

Same as the above, perform backup.

You generated the certificate and private key from third party.
And put the privkey.pem and cert.pem under /opt/splunk/etc/auth/splunkweb/

Restart the Splunk

/opt/splunk/bin/splunk restart

Once the splunk restarted you will have a new certificate for your splunk Web with the new expiry date.

Influencer
0 Karma