Security

Losing splunkforwarders / deployment server connection if any certificate expired?

Builder

Hello,

if default server.pem on the forwarders expires, do you know if we keep connection with the deployment server (which also hosts management console, cluster master, license manager...) and so be able to provide new certificate for agents? Deployer URL is https.

We have sslVerifyServerCert = false set on the fwd.

Thanks.

Communicator

Hello, Once the default ssl certificate expires, connection between deployment server and the client will be revoked, our workaround is to upgrade the universal forwarder so that it will renew the default certificates, however, Splunk's recommendation is DO NOT USE THE DEFAULT CERTIFICATE, generate a new one self-sign certificate, it will be more secure, to do that you can follow the instructions on the link below:

https://docs.splunk.com/Documentation/Splunk/7.0.3/Security/Howtoself-signcertificates
certificates signed by third party: https://docs.splunk.com/Documentation/Splunk/7.0.3/Security/Getthird-partycertificatesforSplunkWeb

0 Karma

Builder

Thanks, unfortunately we can't upgrade forwarders easily for the moment.

0 Karma

Communicator

Then you can proceed with generating a self-signed certificate. 🙂

Champion
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!