Updating Splunk to use a cert that is trusted by r...

Hutch · ‎11-16-2022

Hello Splunkers,

We have ran into several issues primarily with getting data into Splunk over HTTP Collectors. It appears that we need to update our cert with one that has a root ca that has been applied to our Splunk instance instead of a self-signed certificate. We are trying to determine what impact updating the cert across our entire environment could have.

After adding a cert to splunk web does not push down the the HTTP collectors. They were still using the self-signed certificate. So it appears adding a new certificate to the cluster is required.

This will be my first time updating the certificate across the entire environment so feel free to provide any advice or doc pages that could assist.

Documentation we are currently using:

https://docs.splunk.com/Documentation/Splunk/9.0.2/Security/ConfigureandinstallcertificatesforLogObs...

PaulPanther · ‎11-17-2022

So if you're talking about a replacement of self signed splunk certificates and activation of ssl encryption for mgmt. port, rep. port, UF --> Indexer and so on. Following links could be helpful!

https://docs.splunk.com/Documentation/Splunk/latest/Security/AboutsecuringyourSplunkconfigurationwit...

https://docs.splunk.com/Documentation/Splunk/latest/Security/Getthird-partycertificatesforSplunkWeb

https://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureSplunkforwardingtousethedefaul...

https://docs.splunk.com/Documentation/Splunk/latest/Security/Howtogetthird-partycertificates

https://docs.splunk.com/Documentation/Splunk/latest/Security/Howtoself-signcertificates

https://docs.splunk.com/Documentation/Splunk/latest/Security/HowtoprepareyoursignedcertificatesforSp...

https://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureSplunkforwardingtousethedefaul...

https://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureSplunkforwardingtousesignedcer...