Need to regenerate SSL Cert for SplunkWeb


Hi guys,

My SplunkWeb SSL Certificate is set to expire tomorrow.

I'd like to renew it or regenerate a new one.

Can someone show me how to do that?


Tags (2)


Don't bother following that link to the docs... (pfft, RTFM answers...)
The following was true on v6.5.

Bottom line is -- (for self-generated keys):

Keys are located in splunkweb, as pointed to in web.conf:

Pertinent section:

 # SSL certificate files.
 privKeyPath = $SPLUNK_HOME/etc/auth/splunkweb/privkey.pem
 serverCert = $SPLUNK_HOME/etc/auth/splunkweb/cert.pem

If you make any changes, of course, copy this section into a “local” version:

Backup old keys:

 # cd $SPLUNK_HOME/etc/auth/splunkweb
 # mv cert.pem old.cert.pem
 # mv privkey.pem old.privkey.pem

Make new:
This will create new web-keys with the same default names (privkey.pem and cert.pem) in the directory you want to run it. I simply CD’d into /etc/auth/splunkweb/ and ran it. This way you don’t need to move anything or change anything in web.conf.

 # /opt/splunk/bin/splunk createssl web-cert 3072

Other options are:
audit-keys|server-cert|web-cert [1024|2048|3072]

Restart Splunk
# /opt/splunk/bin/splunk restart


To use a shiny new fancy issued cert, simply drop it in the /etc/auth/splunkweb/ directory and make sure web.conf points to the right names. Restart.


Splunk Employee
Splunk Employee

You can create new SSL certs using the $SPLUNK_HOME/bin/splunk createssl command. Run $SPLUNK_HOME/bin/splunk help createssl for the parameters, and make sure you back up your old certificates first.

Splunk Employee
Splunk Employee

The documentation talks a bit about generating and using new certificates:

Hope that helps!

.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!