Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Need to regenerate SSL Cert for SplunkWeb

balbano
Contributor
‎04-04-2013 03:35 PM

Hi guys,

My SplunkWeb SSL Certificate is set to expire tomorrow.

I'd like to renew it or regenerate a new one.

Can someone show me how to do that?

Thanks.
Brian

Tags (2)
Reply

Michael
Contributor
‎01-31-2017 09:27 AM

Don't bother following that link to the docs... (pfft, RTFM answers...)
The following was true on v6.5.

Bottom line is -- (for self-generated keys):

Keys are located in splunkweb, as pointed to in web.conf:
/opt/splunk/etc/system/default/web.conf

Pertinent section:

 # SSL certificate files.
 privKeyPath = $SPLUNK_HOME/etc/auth/splunkweb/privkey.pem
 serverCert = $SPLUNK_HOME/etc/auth/splunkweb/cert.pem

If you make any changes, of course, copy this section into a “local” version:
/opt/splunk/etc/system/local/web.conf

Backup old keys:

 # cd $SPLUNK_HOME/etc/auth/splunkweb
 # mv cert.pem old.cert.pem
 # mv privkey.pem old.privkey.pem

Make new:
This will create new web-keys with the same default names (privkey.pem and cert.pem) in the directory you want to run it. I simply CD’d into /etc/auth/splunkweb/ and ran it. This way you don’t need to move anything or change anything in web.conf.

 # /opt/splunk/bin/splunk createssl web-cert 3072

Other options are:
audit-keys|server-cert|web-cert [1024|2048|3072]

Restart Splunk
# /opt/splunk/bin/splunk restart

Done.

To use a shiny new fancy issued cert, simply drop it in the /etc/auth/splunkweb/ directory and make sure web.conf points to the right names. Restart.

Cheers!
Michael

Reply

gkanapathy
Splunk Employee
Splunk Employee
‎04-04-2013 04:34 PM

You can create new SSL certs using the $SPLUNK_HOME/bin/splunk createssl command. Run $SPLUNK_HOME/bin/splunk help createssl for the parameters, and make sure you back up your old certificates first.

Reply

jworthington_sp
Splunk Employee
Splunk Employee
‎04-04-2013 03:40 PM

The documentation talks a bit about generating and using new certificates:

http://docs.splunk.com/Documentation/Splunk/latest/Security/AboutsecuringauthenticationtoSplunkWeb

Hope that helps!

Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...