I upgraded my instances as per https://answers.splunk.com/answers/395886/for-splunk-enterprise-splunk-light-and-hunk-pre-63.html#an... , however, my default SSL certs ca.pem and cacert.pem are still showing the older expiration dates. What am I doing wrong?
For upgrades from an earlier version to 6.3.x, please remove existing copies of ca.pem and cacert.pem before upgrade.
Steps for Linux:
Hope this helped anyone wondering why their upgrade did not work to change the expiration dates on their default certs.
Just in Case: If the customer generated certs and gave them the names used by Splunk (ca.pem, cacert.pem), this answer does not apply. This answer only applies to default certs provided out of the box by Splunk.
For upgrades from an earlier version to 6.3.x, please remove existing copies of ca.pem and cacert.pem before upgrade.
Steps for Linux:
Hope this helped anyone wondering why their upgrade did not work to change the expiration dates on their default certs.
Just in Case: If the customer generated certs and gave them the names used by Splunk (ca.pem, cacert.pem), this answer does not apply. This answer only applies to default certs provided out of the box by Splunk.
Hello,
Thanks for these information.
Does upgrading Splunk 8 to Splunk 9 renews default Root CA like cacert.pem or should we use your procedure and delete them before upgrading? I think we can do this even after.
Kvstore could use Splunk default certificates (on instances not using third party certificates)
Best regards.
But if you have already upgraded to 6.3. How do I regenerate new certificates with new dates?
Is this needed for upgrades to version 6.4.x?
Is this necessary for universal forwarders installed on WinOS?