Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do you renew webserver certificate for Splunk systems?

rsantoso_splunk
Splunk Employee
Splunk Employee
‎12-09-2018 03:02 PM

Each server has a webserver certificate issued to their name.
These certificates are expiring soon. We need to
1. Review whether they are still in use.
2. Renew them if necessary.

0 Karma
Reply
1 Solution
Solved! Jump to solution

thambisetty
SplunkTrust
SplunkTrust
‎11-11-2023 07:09 AM

#Move files for temporary backup. you can delete temporary backup files after veriying cert is renewed. 

#To renew default splunk web cert

 

mv $SPLUNK_HOME/etc/auth/splunkweb/cert.pem $SPLUNK_HOME/etc/auth/splunkweb/cert.pem.bk
mv $SPLUNK_HOME/etc/auth/splunkweb/privkey.pem $SPLUNK_HOME/etc/auth/splunkweb/privkey.pem.bk

 

#If the cert was generated at the time of Splunk installation, splunkd cert might have been also due to expiry. you must renew this certificate if your Splunk enterprise is running KVStore. 

#To renew splunkd port ( 8089)

 

mv $SPLUNK_HOME/etc/auth/server.pem mv $SPLUNK_HOME/etc/auth/server.pem_bk

 

restart splunk. 

————————————
If this helps, give a like below.
0 Karma
Reply
Solved! Jump to solution

rsantoso_splunk
Splunk Employee
Splunk Employee
‎12-11-2018 07:53 PM

For the Splunk Web certificate, you can renew this from the Splunk server itself or if you prefer third party generated certificate you can put the certificate and private key in the Splunk directory /opt/splunk/etc/auth/splunkweb/.
Under this directory you'll find privkey.pem and cert.pem.

This configuration is defined in the /opt/splunk/etc/system/default/web.conf by default under the variableprivKeyPath and serverCert.

To renew the Certificate generated from the Splunk server:

Backup the current certificate. I use the "copy" command here instead of "mv" since you're using windows OS.

cd $SPLUNK_HOME/etc/auth/splunkweb

copy cert.pem old.cert.pem

copy privkey.pem old.privkey.pem

del cert.pem

del privkey.pem

Generate the certificate

/opt/splunk/bin/splunk createssl web-cert 3072

Restart the Splunk

/opt/splunk/bin/splunk restart

If you choose to renew from third party:

Same as the above, perform backup.

You generated the certificate and private key from third party.
And put the privkey.pem and cert.pem under /opt/splunk/etc/auth/splunkweb/

Restart the Splunk

/opt/splunk/bin/splunk restart

Once the splunk restarted you will have a new certificate for your splunk Web with the new expiry date.

Reply
Solved! Jump to solution

splunkreal
Motivator
‎01-05-2022 10:21 AM

I don't think splunk createssl web-cert 3072 is necessary, splunk would regenerate them when restarting

* If this helps, please upvote or accept solution if it solved *
0 Karma
Reply
Solved! Jump to solution
Solution

dkeck
Influencer
‎12-09-2018 10:59 PM

All you need is right here 🙂

https://docs.splunk.com/Documentation/Splunk/7.2.1/Security/AboutsecuringauthenticationtoSplunkWeb

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...

Index This | How many sevens are there between 1 and 100?

August 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...