Re: Losing splunkforwarders / deployment server co...

splunkreal · ‎04-22-2018

Hello,

if default server.pem on the forwarders expires, do you know if we keep connection with the deployment server (which also hosts management console, cluster master, license manager...) and so be able to provide new certificate for agents? Deployer URL is https.

We have sslVerifyServerCert = false set on the fwd.

Thanks.

* If this helps, please upvote or accept solution 🙂 *

dantimola · ‎04-23-2018

Hello, Once the default ssl certificate expires, connection between deployment server and the client will be revoked, our workaround is to upgrade the universal forwarder so that it will renew the default certificates, however, Splunk's recommendation is DO NOT USE THE DEFAULT CERTIFICATE, generate a new one self-sign certificate, it will be more secure, to do that you can follow the instructions on the link below:

https://docs.splunk.com/Documentation/Splunk/7.0.3/Security/Howtoself-signcertificates
certificates signed by third party: https://docs.splunk.com/Documentation/Splunk/7.0.3/Security/Getthird-partycertificatesforSplunkWeb

splunkreal · ‎04-23-2018

Thanks, unfortunately we can't upgrade forwarders easily for the moment.

* If this helps, please upvote or accept solution 🙂 *

dantimola · ‎04-25-2018

Then you can proceed with generating a self-signed certificate. 🙂

p_gurav · ‎04-23-2018

This may help:
https://answers.splunk.com/answers/596538/renewing-serverpem-certificate.html

Losing splunkforwarders / deployment server connection if any certificate expired?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!