Is there a way to configure the management port, which is being used to access the REST API, to use the TLS certs we have from DigiCert?
I have server.conf set up with serverCert pointing to the location of that file. However, when I check using openssl on that port we get the certificate that ships with Splunk despite setting up server.conf to use the certificate from DigiCert.
Note, web access does correctly use the DigiCert certificate. It's just access over the managment port doesn't.
If you are using same/different cert for both web access port 8000 the config goes to web.conf, and management port 8089 where Rest API's can be accessible shall go to server.conf [sslConfig].
Hope you have done the restart after changes, and did you check if there are multiple versions of server.conf having splunk default certs taking precedence?
An upvote would be appreciated if this reply helps!
I've already checked all that and even though server.conf is pointed to the correct certificate it still serving the default certificate that ships with Splunk.
I will check with BTool but I know both web.conf and server.conf are configured correctly. So my question was essentially, other than those two configuration files what other files would Splunk be using? It appears there's no documentation about any other configuration files that would affect this.