Hello Guys,
Regenerate self-signed certs if your comp has no CA present; follow the procedure below.
Please take a backup of c:\Program Files\SplunkUniversalForwarder\etc\auth Folder in Windows.
Below commands should be executed from the path c:\Program Files\SplunkUniversalForwarder\etc\auth
When prompted, enter the details below in the cert during creation:
C=US
ST=SF
L=WD
O=Splunk
OU=SPLUNK
CN=<FQDN of the server> # this is the critical value that has to be the hostname on which the cert is being generated; the rest can be anything.
Password : changeme2
emailAddress=<user>@<comp>.com
Generate a New CA key and Cert
openssl ecparam -out ca-key.pem -genkey -name prime256v1
openssl req -x509 -new -key ca-key.pem -days 3650 -out ca-cert.pem
Next we generate a CSR to sign the CERT/KEYs
openssl ecparam -out server-key.pem -genkey -name prime256v1 -noout
openssl req -new -key server-key.pem -out server-csr.pem
Finally, using our CSR, we generate a cert. Here we use the CA we previously generated.
Valid for 10 years:
openssl x509 -req -days 3650 -in server-csr.pem -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
Convert cert and key to PEM format
Using Cygwin Bash Shell
cat server-cert.pem server-key.pem > server.pem
Renamed the below certs as per the call from outputs.conf in Splunk.
ca-cert.pem to cacert.pem
ca-key.pem to ca.key
Restart the SplunkForwarder and verify the splunkd.log for any CA related errors. If no errors we are good.
NOTE: These are self-signed certs with CN = (hostname FQDN)
I think this is the long story short, good luck.
Regards,
Venu
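As an added example (not part of the original post): the same steps run non-interactively with `-subj`, followed by the checks worth running before the forwarder is restarted. The function names `make_certs` and `check_certs` and the CA common name are assumptions; files keep the names used in the commands above, before the rename. The CA is given `-days 3650` explicitly because `openssl req -x509` issues a 30-day certificate when `-days` is omitted.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. make_certs/check_certs and the
# CA common name are assumed, illustrative names.

# make_certs DIR FQDN : same steps as the post, with -subj instead of prompts
make_certs() {
  local d=$1 subj="/C=US/ST=SF/L=WD/O=Splunk/OU=SPLUNK"
  mkdir -p "$d" &&
  openssl ecparam -out "$d/ca-key.pem" -genkey -name prime256v1 -noout &&
  openssl req -x509 -new -key "$d/ca-key.pem" -days 3650 \
    -subj "$subj/CN=Example Forwarder CA" -out "$d/ca-cert.pem" &&
  openssl ecparam -out "$d/server-key.pem" -genkey -name prime256v1 -noout &&
  openssl req -new -key "$d/server-key.pem" -subj "$subj/CN=$2" \
    -out "$d/server-csr.pem" &&
  openssl x509 -req -days 3650 -in "$d/server-csr.pem" -CA "$d/ca-cert.pem" \
    -CAkey "$d/ca-key.pem" -set_serial 01 -out "$d/server-cert.pem" 2>/dev/null &&
  cat "$d/server-cert.pem" "$d/server-key.pem" > "$d/server.pem"
}

# check_certs DIR FQDN : returns 0 only if every check passes
check_certs() {
  local d=$1 cn
  # 1. server cert chains to the CA the forwarder will be told to trust
  openssl verify -CAfile "$d/ca-cert.pem" "$d/server-cert.pem" >/dev/null 2>&1 ||
    { echo "FAIL: server-cert.pem does not verify against ca-cert.pem"; return 1; }
  # 2. subject CN equals the host FQDN (the value the post calls critical)
  cn=$(openssl x509 -in "$d/server-cert.pem" -noout -subject -nameopt multiline |
       sed -n 's/^ *commonName *= *//p')
  [ "$cn" = "$2" ] || { echo "FAIL: CN is '$cn', expected '$2'"; return 1; }
  # 3. private key and certificate belong together
  [ "$(openssl pkey -in "$d/server-key.pem" -pubout)" = \
    "$(openssl x509 -in "$d/server-cert.pem" -noout -pubkey)" ] ||
    { echo "FAIL: server-key.pem does not match server-cert.pem"; return 1; }
  # 4. CA still valid 31 days from now (catches a CA made without -days)
  openssl x509 -in "$d/ca-cert.pem" -noout -checkend 2678400 >/dev/null ||
    { echo "FAIL: ca-cert.pem expires within 31 days"; return 1; }
  echo "OK: chain, CN, key match and CA lifetime"
}
```

Run `check_certs` against the existing auth folder copy to validate certificates that were already generated by hand.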