Our Splunk Enterprise installs are working properly, and the web apps show no certificate errors; however, Tenable Nessus scans are dinging all four servers with the "SSL Certificate with Wrong Hostname (45411)" plugin, stating the common name in the certificate is SplunkServerDefaultCert, which is not the same as the hostname of the server. The web apps are configured with proper certificates from our CA with the correct common name. However, the Splunkd service that is running is using this SplunkServerDefaultCert, which is where the vulnerability comes from. I verified this by stopping the Splunkd service and rescanning the server: the vulnerability goes away, and then comes back when the service is restarted. I'm not very experienced with certificates, so I am figuring a lot of this out as I go. I believe this is coming from the server.pem and ca.pem files in the $SPLUNK_HOME/etc/auth/ directory. I'm just not sure how I go about swapping those out with a certificate from our own CA with the correct common name.