Security

Regenerate SSL certification on Splunk

snehalk
Communicator

Hello Everyone,

Previously, my Splunk instance had an SSL certificate, but unfortunately it expired two days back.

I have been trying for the last two days but cannot work out how to regenerate a new SSL cert for my Splunk instance.

Can anyone guide me through a step-by-step procedure to regenerate it?

Note: splunk is running on Windows

Thank you.

0 Karma
1 Solution

MuS
SplunkTrust

kiran_panchavat
Path Finder

Steps to regenerate the SSL certificate for your Splunk instance running on Windows. Follow these instructions:

Check if the Certificate Has Expired:
#####################################

Open a command prompt or PowerShell window.

Navigate to your Splunk installation directory (usually C:\Program Files\splunk\bin).

Run the following command to check the certificate expiration date:

openssl x509 -enddate -noout -in "C:\Program Files\splunk\etc\auth\server.pem"

If the certificate has expired, proceed to the next step.

Backup the Existing Certificate:
#################################

Rename the existing certificate file (server.pem) to server.pem.back. You can do this by running:

ren "C:\Program Files\splunk\etc\auth\server.pem" server.pem.back

Restart Splunk:
###############

Restart the Splunk service to regenerate the certificate. Execute the following command:

.\splunk restart

This action will create a new server.pem file with a renewed certificate.

Verify the New Certificate:
###########################

Confirm that the new certificate has been generated successfully by checking the expiration date again:

openssl x509 -enddate -noout -in "C:\Program Files\splunk\etc\auth\server.pem"

How to create and sign your own TLS certificates - Splunk Documentation 

 

 

0 Karma
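The check, backup, restart and verify steps from the answer above, combined into one PowerShell script. This is an added example, not part of the original post or Splunk's own tooling. It assumes the install path used in the post, that the first CERTIFICATE block in server.pem is the server certificate, and an elevated prompt; `$WarnDays` is a hypothetical threshold.

```powershell
# Added example: automates check / backup / restart / verify for Splunk's server.pem.
# Assumptions: path from the post; first CERTIFICATE block in server.pem is the
# server certificate; run elevated. $WarnDays is a hypothetical threshold.
param(
    [string]$SplunkHome = 'C:\Program Files\splunk',
    [int]$WarnDays = 30
)
$ErrorActionPreference = 'Stop'
$pemPath = Join-Path $SplunkHome 'etc\auth\server.pem'

function Get-PemCertificate([string]$Path) {
    # server.pem can also hold the private key, so extract only the first certificate block.
    $pem = Get-Content -Raw -LiteralPath $Path
    $m = [regex]::Match($pem, '-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----',
                        [System.Text.RegularExpressions.RegexOptions]::Singleline)
    if (-not $m.Success) { throw "No certificate block found in $Path" }
    $der = [Convert]::FromBase64String(($m.Groups[1].Value -replace '\s', ''))
    [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
}

$old = Get-PemCertificate $pemPath
$daysLeft = [int]($old.NotAfter - (Get-Date)).TotalDays
"Current certificate: subject=$($old.Subject) notAfter=$($old.NotAfter) daysLeft=$daysLeft"
if ($daysLeft -gt $WarnDays) { "Certificate still valid; nothing to do."; return }

# Timestamped backup name so a repeated run never collides with an earlier backup.
$backupName = '{0}.{1:yyyyMMddHHmmss}.back' -f (Split-Path $pemPath -Leaf), (Get-Date)
Rename-Item -LiteralPath $pemPath -NewName $backupName

# Same restart command as in the post; Splunk recreates server.pem on start.
& (Join-Path $SplunkHome 'bin\splunk.exe') restart
if ($LASTEXITCODE -ne 0) { throw "splunk restart exited with code $LASTEXITCODE" }

if (-not (Test-Path -LiteralPath $pemPath)) {
    throw "server.pem was not recreated; restore $backupName and investigate."
}
$new = Get-PemCertificate $pemPath
if ($new.Thumbprint -eq $old.Thumbprint -or $new.NotAfter -le (Get-Date)) {
    throw "New certificate is not valid (notAfter=$($new.NotAfter))."
}
"New certificate: thumbprint=$($new.Thumbprint) notAfter=$($new.NotAfter)"
```

Run with a large `-WarnDays` value to force regeneration of a certificate that has not yet expired; the thumbprint comparison confirms the file on disk is actually a new certificate rather than the old one restored.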

danielwill
Loves-to-Learn

Certainly! There are a few stages involved in regenerating SSL certificates for your Windows Splunk instance. Here's a step-by-step guide:

1. Generate a New SSL Certificate

- Open a command prompt that has administrator access
- Go to the directory of the Splunk bin. It's usually found under C:\Program Files\Splunk\bin.
- To create a fresh SSL certificate, utilize the Splunk command-line utility

Run the following command

Splunk createssl server-cert -d <your_domain_name>

2. Configure Splunk to Use the New Certificate

- Go to the directory where Splunk configuration is located. Usually, it can be found at C:\Program Files\Splunk\etc\system\local
- Open web.conf in a text editor
- To point to the newly generated SSL certificate and private key, update the privKeyPath and serverCert settings

[settings]
enableSplunkWebSSL = true
privKeyPath = C:\Program Files\Splunk\etc\auth\server.pem
serverCert = C:\Program Files\Splunk\etc\auth\server.pem


3. Restart Splunk

- With administrator rights, open a command prompt
- Go to the Splunk bin directory
- Use the following command to restart Splunk

Splunk restart

4. Test the New SSL Configuration

- Open a web browser and use HTTPS to access the Splunk web interface
- A green padlock icon signifying a secure connection should be visible. To verify that it is the new certificate with a valid expiration date, click on it to examine the certificate details

You should be able to use these procedures for your Windows Splunk instance and make sure that it is connecting securely with the new certificates.

0 Karma
