Posted on May 17, 2016
Splunk recently released a product advisory announcing that instances of Splunk Enterprise, Splunk Light and HUNK that are older than 6.3 AND that are using the default certificates will no longer be able to communicate with each other after July 21, 2016, unless the certificates are replaced OR Splunk is upgraded to 6.3 or later.

Please note that for all Splunk Enterprise versions, the default root certificate that ships with Splunk is the same root certificate in every download. This means that anyone who has downloaded Splunk has server certificates signed by the same root certificate and would be able to authenticate against your certificates. To ensure that no one can easily snoop on your traffic or wrongfully send data to your indexers, we strongly recommend that you replace the default certificates with certificates signed by a reputable third-party certificate authority.

Failure to replace the expiring default certificates prior to July 21, 2016 will result in the immediate cessation of network traffic for any connection that uses them. The full article covering impact and up-to-date recommendations is available on Splunk Answers, where you can view updates, add comments and read feedback from other Splunk customers.