Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Need to regenerate SSL Cert for SplunkWeb

balbano
Contributor
‎04-04-2013 03:35 PM

Hi guys,

My SplunkWeb SSL Certificate is set to expire tomorrow.

I'd like to renew it or regenerate a new one.

Can someone show me how to do that?

Thanks.
Brian

Tags (2)
Reply

Michael
Contributor
‎01-31-2017 09:27 AM

Don't bother following that link to the docs... (pfft, RTFM answers...)
The following was true on v6.5.

Bottom line is -- (for self-generated keys):

Keys are located in splunkweb, as pointed to in web.conf:
/opt/splunk/etc/system/default/web.conf

Pertinent section:

 # SSL certificate files.
 privKeyPath = $SPLUNK_HOME/etc/auth/splunkweb/privkey.pem
 serverCert = $SPLUNK_HOME/etc/auth/splunkweb/cert.pem

If you make any changes, of course, copy this section into a “local” version:
/opt/splunk/etc/system/local/web.conf

Backup old keys:

 # cd $SPLUNK_HOME/etc/auth/splunkweb
 # mv cert.pem old.cert.pem
 # mv privkey.pem old.privkey.pem

Make new:
This will create new web-keys with the same default names (privkey.pem and cert.pem) in the directory you want to run it. I simply CD’d into /etc/auth/splunkweb/ and ran it. This way you don’t need to move anything or change anything in web.conf.

 # /opt/splunk/bin/splunk createssl web-cert 3072

Other options are:
audit-keys|server-cert|web-cert [1024|2048|3072]

Restart Splunk
# /opt/splunk/bin/splunk restart

Done.

To use a shiny new fancy issued cert, simply drop it in the /etc/auth/splunkweb/ directory and make sure web.conf points to the right names. Restart.

Cheers!
Michael

Reply

gkanapathy
Splunk Employee
Splunk Employee
‎04-04-2013 04:34 PM

You can create new SSL certs using the $SPLUNK_HOME/bin/splunk createssl command. Run $SPLUNK_HOME/bin/splunk help createssl for the parameters, and make sure you back up your old certificates first.

Reply

jworthington_sp
Splunk Employee
Splunk Employee
‎04-04-2013 03:40 PM

The documentation talks a bit about generating and using new certificates:

http://docs.splunk.com/Documentation/Splunk/latest/Security/AboutsecuringauthenticationtoSplunkWeb

Hope that helps!

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...