Solved: Certificate upgrade on universal forwarders

I29851 · ‎01-24-2022

Hello all,

One of the certificates associated with our universal forwarders is due to expire this week. While we have renewed the certificate, we are yet to push it on all universal forwarders. My question is: if we are unable to push new certificate by weekend will the universal forwarders stop logging the data and sharing it with indexes?

Thank you

SinghK · ‎01-24-2022

But there is a fix, you can create a single cert and push it to all forwarders.

View solution in original post

SinghK · ‎01-24-2022

Yes as the cert is responsible for communication with indexers, so unless cert is a valid cert indexers won't allow it communicate and will not accept logs.

SinghK · ‎01-24-2022

But there is a fix, you can create a single cert and push it to all forwarders.

PickleRick · ‎01-24-2022

It's not clear which side of the connection is using certs for authentication - is it only the server or is it mutual tls. In case of mutual tls, you should not use the same crypto material for multiple clients!

Certificate upgrade on universal forwarders

administration

upgrade

using Splunk Cloud

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!