if default server.pem on the forwarders expires, do you know if we keep connection with the deployment server (which also hosts management console, cluster master, license manager...) and so be able to provide new certificate for agents? Deployer URL is https.
We have sslVerifyServerCert = false set on the fwd.
Hello, Once the default ssl certificate expires, connection between deployment server and the client will be revoked, our workaround is to upgrade the universal forwarder so that it will renew the default certificates, however, Splunk's recommendation is DO NOT USE THE DEFAULT CERTIFICATE, generate a new one self-sign certificate, it will be more secure, to do that you can follow the instructions on the link below:
certificates signed by third party: https://docs.splunk.com/Documentation/Splunk/7.0.3/Security/Getthird-partycertificatesforSplunkWeb