Hallo Team, Need some help regarding Certificates and SSO.From December 14th onwards, we are unable to access our Splunk Prod and Dev instances through SSO over the internet. It gives the site cannot be reached error.SSO is powered by Ping Federate and the SSO Team informed that SplunkServer Default Certificate has got expired and hence the issue.Upon checking further for both Prod and Dev instances , we found that -
server.pem got expired on December 14th 2020. idpCert.pem is expiring on January 15th 2021.
We generated a new server.pem file in the test environment but it seemed to be a combination of certificates and a private key.We used the following method to create the server.pem
1. Run the command: $SPLUNK_HOME\bin\openssl x509 -enddate -noout -in $SPLUNK_HOME/etc/auth/server.pem
2. Check the expiry date of output if expired then do the below steps:
3. Go to $SPLUNK_HOME\etc\auth\
4. Rename server.pem to server.pem_backup
5. Restart the splunk using command ./splunk restart
6. After restart you will be able to see a new server.pem file.
7. Check the expiry date of Certificate now using command: $SPLUNK_HOME\bin\openssl x509 -enddate -noout -in $SPLUNK_HOME/etc/auth/server.pem
8. The expiry date will be extended.