Don't bother following that link to the docs... (pfft, RTFM answers...)
The following was true on v6.5.
Bottom line is -- (for self-generated keys):
Keys are located in splunkweb, as pointed to in web.conf:
/opt/splunk/etc/system/default/web.conf
Pertinent section:
# SSL certificate files.
privKeyPath = $SPLUNK_HOME/etc/auth/splunkweb/privkey.pem
serverCert = $SPLUNK_HOME/etc/auth/splunkweb/cert.pem
If you make any changes, of course, copy this section into a “local” version:
/opt/splunk/etc/system/local/web.conf
Backup old keys:
# cd $SPLUNK_HOME/etc/auth/splunkweb
# mv cert.pem old.cert.pem
# mv privkey.pem old.privkey.pem
Make new:
This will create new web-keys with the same default names (privkey.pem and cert.pem) in the directory you want to run it. I simply CD’d into /etc/auth/splunkweb/ and ran it. This way you don’t need to move anything or change anything in web.conf.
# /opt/splunk/bin/splunk createssl web-cert 3072
Other options are:
audit-keys|server-cert|web-cert [1024|2048|3072]
Restart Splunk
# /opt/splunk/bin/splunk restart
Done.
To use a shiny new fancy issued cert, simply drop it in the /etc/auth/splunkweb/ directory and make sure web.conf points to the right names. Restart.
Cheers!
Michael
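An added check, not part of the original post: after regenerating the key pair or dropping in an issued certificate, confirm which privKeyPath and serverCert values are in effect (local web.conf over default) and that the certificate actually belongs to the private key before restarting. Function names are hypothetical; it assumes the openssl CLI, an unencrypted PEM key, and that only system/default and system/local web.conf set these two keys.

```shell
#!/bin/sh
# Added example; function names are hypothetical, paths are those in the post.
# Assumes an unencrypted PEM key and only the system default/local web.conf layers.
SPLUNK_HOME=${SPLUNK_HOME:-/opt/splunk}

# Print NAME's value from the local web.conf if set there, else from default.
effective_setting() {
    name=$1
    for conf in "$3" "$2"; do            # $2 = default, $3 = local (wins)
        [ -r "$conf" ] || continue
        val=$(sed -n "s/^[[:space:]]*${name}[[:space:]]*=[[:space:]]*//p" "$conf" | tail -n 1)
        [ -n "$val" ] || continue
        # Expand a leading literal $SPLUNK_HOME, as written in web.conf.
        case $val in
            '$SPLUNK_HOME'*) val=$SPLUNK_HOME${val#'$SPLUNK_HOME'} ;;
        esac
        printf '%s\n' "$val"
        return 0
    done
    return 1
}

# True when the certificate's public key equals the private key's public half.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Print the key size in bits, e.g. 3072 after "createssl web-cert 3072".
key_bits() {
    openssl pkey -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Resolve the effective paths, then report key size, match, subject and expiry.
check_splunkweb_tls() {
    def=$SPLUNK_HOME/etc/system/default/web.conf
    loc=$SPLUNK_HOME/etc/system/local/web.conf
    key=$(effective_setting privKeyPath "$def" "$loc") || { echo "privKeyPath not set"; return 1; }
    cert=$(effective_setting serverCert "$def" "$loc") || { echo "serverCert not set"; return 1; }
    echo "key:  $key ($(key_bits "$key") bits)"
    echo "cert: $cert"
    cert_matches_key "$cert" "$key" || { echo "cert and key do not match"; return 1; }
    openssl x509 -in "$cert" -noout -subject -enddate
}

# Run only when asked, e.g.: sh check.sh run
if [ "${1:-}" = run ]; then check_splunkweb_tls; fi
```

A mismatch here means web.conf points at a certificate that was issued for a different key, which is the usual cause of Splunk Web failing to start after swapping files.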