Don't bother following that link to the docs... (pfft, RTFM answers...)
The following was true on v6.5.
Bottom line is -- (for self-generated keys):
Keys are located in splunkweb, as pointed to in web.conf:
# SSL certificate files. privKeyPath = $SPLUNK_HOME/etc/auth/splunkweb/privkey.pem serverCert = $SPLUNK_HOME/etc/auth/splunkweb/cert.pem
If you make any changes, of course, copy this section into a “local” version:
Backup old keys:
# cd $SPLUNK_HOME/etc/auth/splunkweb # mv cert.pem old.cert.pem # mv privkey.pem old.privkey.pem
This will create new web-keys with the same default names (privkey.pem and cert.pem) in the directory you want to run it. I simply CD’d into /etc/auth/splunkweb/ and ran it. This way you don’t need to move anything or change anything in web.conf.
# /opt/splunk/bin/splunk createssl web-cert 3072
Other options are:
# /opt/splunk/bin/splunk restart
To use a shiny new fancy issued cert, simply drop it in the /etc/auth/splunkweb/ directory and make sure web.conf points to the right names. Restart.
You can create new SSL certs using the
$SPLUNK_HOME/bin/splunk createssl command. Run
$SPLUNK_HOME/bin/splunk help createssl for the parameters, and make sure you back up your old certificates first.