Security

Losing splunkforwarders / deployment server connection if any certificate expired?

splunkreal
Motivator

Hello,

if default server.pem on the forwarders expires, do you know if we keep connection with the deployment server (which also hosts management console, cluster master, license manager...) and so be able to provide new certificate for agents? Deployer URL is https.

We have sslVerifyServerCert = false set on the fwd.

Thanks.

* If this helps, please upvote or accept solution 🙂 *

dantimola
Communicator

Hello, Once the default ssl certificate expires, connection between deployment server and the client will be revoked, our workaround is to upgrade the universal forwarder so that it will renew the default certificates, however, Splunk's recommendation is DO NOT USE THE DEFAULT CERTIFICATE, generate a new one self-sign certificate, it will be more secure, to do that you can follow the instructions on the link below:

https://docs.splunk.com/Documentation/Splunk/7.0.3/Security/Howtoself-signcertificates
certificates signed by third party: https://docs.splunk.com/Documentation/Splunk/7.0.3/Security/Getthird-partycertificatesforSplunkWeb

0 Karma

splunkreal
Motivator

Thanks, unfortunately we can't upgrade forwarders easily for the moment.

* If this helps, please upvote or accept solution 🙂 *
0 Karma

dantimola
Communicator

Then you can proceed with generating a self-signed certificate. 🙂

p_gurav
Champion
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...