We noticed this morning that all the certificates for our Splunk servers have been expired for a week (discovered whilst investigating why KVStore stopped this weekend).
I followed the recommendation from another community question by renaming server.pem to server.pem.old and restarting the Splunk service to create a new one.
It correctly creates a new server.pem with a valid expiration date, however it still displays the old certificate in my browser.
I already checked with btool, and it seems fine (pointing to server.pem). I also already checked web.conf and tried to manually indicate the file path but it's still not working...
Am I missing something?
Well, I finally found what was missing.
There's another certificate for the web interface in /opt/splunk/etc/auth/splunkweb
I did the same as for the other certificate (rename it to .old and restart the service) and it automatically recreated a new updated certificate.
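
An added example, not part of the original posts: a shell function that scans every PEM file under a directory such as /opt/splunk/etc/auth and flags certificates that are expired or close to expiry, so a second certificate like the one under splunkweb is not overlooked. The function name `check_cert_dir` and the 30-day default are assumptions; it relies on the standard `openssl x509 -checkend` and `-enddate` options.

```shell
#!/bin/sh
# Added example: report certificates under a directory that are expired or
# expire within a given number of days. The function name and the 30-day
# default window are assumptions, not Splunk tooling.

# check_cert_dir DIR [DAYS]
# Prints one line per PEM certificate found: STATUS<TAB>notAfter<TAB>path
# Returns 0 if every certificate is valid beyond DAYS, 1 otherwise.
check_cert_dir() {
    dir=$1
    days=${2:-30}
    window=$((days * 86400))
    rc=0
    list=$(mktemp) || return 2
    # Walk the whole tree so certificates in subdirectories are included.
    find "$dir" -type f -name '*.pem' > "$list"
    while IFS= read -r f; do
        # Skip PEM files that hold no certificate (for example key-only files).
        openssl x509 -in "$f" -noout >/dev/null 2>&1 || continue
        end=$(openssl x509 -in "$f" -noout -enddate | cut -d= -f2)
        if ! openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1; then
            status=EXPIRED; rc=1
        elif ! openssl x509 -in "$f" -noout -checkend "$window" >/dev/null 2>&1; then
            status=EXPIRING; rc=1
        else
            status=OK
        fi
        printf '%s\t%s\t%s\n' "$status" "$end" "$f"
    done < "$list"
    rm -f "$list"
    return "$rc"
}

# Run directly, e.g.: sh check_certs.sh /opt/splunk/etc/auth 30
if [ "$#" -gt 0 ]; then
    check_cert_dir "$@"
fi
```

The non-zero return value makes it usable from cron or a monitoring check. Only the first certificate in each file is inspected.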