Splunk Enterprise Security

Splunk not taking updated certificate server.pem

clacroixdurant
Explorer

We noticed this morning that all the certificates for our Splunk servers are expired since a week (discovered whilst investigating why KVStore stopped this weekend). 

I followed recommendation from other community ask by renaming server.pem to server.pem.old and restarting the Splunk service to create a new one. 

It correctly creates  a new server.pem with a valid expiration date, however it still displays the old cerficate in my browser. 

I already checked with btool, and it seems fine (pointing to server.pem). I also already checked web.conf and tried to manually indicate the file path but it's still not working...


Am I missing something? 

Labels (3)
Tags (2)
0 Karma
1 Solution

clacroixdurant
Explorer

Well, I finally found what was missing. 

 

There's another certificate for the web interface in /opt/splunk/etc/auth/splunkweb

I did the same as the other certificate (rename it to .old and restart the service) and it automatically recreated a new updated certificate. 

View solution in original post

0 Karma

clacroixdurant
Explorer

Well, I finally found what was missing. 

 

There's another certificate for the web interface in /opt/splunk/etc/auth/splunkweb

I did the same as the other certificate (rename it to .old and restart the service) and it automatically recreated a new updated certificate. 

0 Karma
Get Updates on the Splunk Community!

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...