Solved: Azure Active Directory is going to be rolling thei...

joxley · ‎06-30-2016

Azure Active Directory is going to be rolling their signing key shortly and does so on a regular basis.

Will Splunk handle the key rollover event automatically?

rdimri_splunk · ‎07-14-2016

If your certificate is about to expire then, you can re-import metadata again. Metadata generally will have two signing keys 1) That you are currently using 2) A newer key that has longer expiration date. When verifying signature Splunk will try to verify with both the keys. The verification of signature is considered successful if it can be verified against atleast one of the configured keys. You must use 6.4 onwards for this to work though

View solution in original post

rdimri_splunk · ‎07-14-2016

If your certificate is about to expire then, you can re-import metadata again. Metadata generally will have two signing keys 1) That you are currently using 2) A newer key that has longer expiration date. When verifying signature Splunk will try to verify with both the keys. The verification of signature is considered successful if it can be verified against atleast one of the configured keys. You must use 6.4 onwards for this to work though

Azure Active Directory is going to be rolling their signing key on a regular basis. Will Splunk handle the key rollover event automatically?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases