Solved: How to check certificates?

Timrit · ‎12-21-2018

I am new in Splunk and I currently need to check "Valid to:" date from our corporation hundreds of certificates in our shared folder.
But unfortunately I am not lucky enough to get .cer files work with the app. It reads only my .PEM files.
My all other .cer files are just hang in there without any timestamps.
Am I missing something here, or what can I do?

damann · ‎12-21-2018

Im not sure if this will work for you, but you can try the following if your certificates are x509 encoded:

$SPLUNK_HOME/bin/splunk cmd openssl x509 -enddate -noout -in file.cer

make sure your $SPLUNK_HOME ist set correctly or navigate manually into your bin folder.
Replace file.cer with your certificate you want to check.

Please let me know if this works for you.

View solution in original post

Timrit · ‎12-26-2018

Yep, that did the trick... Super thanks...
Some reason I need to restart the service every time I made any changes in folder to get Splunk find new files, but that´s not an issue....

damann · ‎12-21-2018

Im not sure if this will work for you, but you can try the following if your certificates are x509 encoded:

$SPLUNK_HOME/bin/splunk cmd openssl x509 -enddate -noout -in file.cer

make sure your $SPLUNK_HOME ist set correctly or navigate manually into your bin folder.
Replace file.cer with your certificate you want to check.

Please let me know if this works for you.

How to check certificates?

Splunk Mobile: Your Brand-New Home Screen

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

Are you a member of the Splunk Community?

How to check certificates?

Splunk Mobile: Your Brand-New Home Screen

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...