Contents

Problem Statement. 2

Cisco Recommendation and Instruction. 2

Instruction on Patch Update. 2

Author. 3

For more information. 3

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

               

Problem Statement

Splunk forwarder in VDS-IS uses HTTPS certificate for intercommunication between its modules. This certificate is getting expired on July 21^st 2016. Post this date on expiry of the certificate, the Splunk will not be able to communicate internally and all the Splunk communication will be affected.

HTTPS certificate validity should be extended for seamless operation between VDS-IS and VDS-SM.

All the VDS-IS software versions 3.3.x, 4.1.x, 4.2.x, and 4.3.1 will be affected.

Cisco Recommendation and Instruction

VDS-IS customers who are using Splunk on the VDS-IS software version 3.3.x, 4.1.x, 4.2.x and 4.3.1 need to install the patch immediately for seamless operation.

The patch must be installed in both the Service Engines and Service Routers.

To extend the Splunk HTTPS certificate validity, download VDS-IS Splunk Patch from CCO.

 

Customers installing or upgrading to VDS-IS Release 4.3.2, need not apply the patch as this is taken care in the VDS-IS software version 4.3.2.

Instruction on Patch Update

The VDS-IS Splunk patch (File Name: splunk_cert_patch.sh.signed) can be downloaded from Release 4.3.2 CCO. To install the patch, perform the following procedure.

Note: Splunk configurations must be enabled in the Service Engine and Service Router before applying the patch.

1.       Download the script to VDS-IS Service Engine & Service Router.

2.       Validate the script – splunk_cert_patch.sh.signed using “script check <file name> “

3.       Execute the script – splunk_cert_patch.sh.signed using “script execute <file name>”

UCS280-QA-02#script check splunk_cert_patch.sh.signed

Script file splunk_cert_patch.sh.signed is valid.

 

UCS280-QA-02#script execute splunk_cert_patch.sh.signed

Extracted /local/local1/s-renewcerts.sh

 

Splunk certification in this device is going to expire

Running s-renewcerts.sh script to renew splunk certificate

 

Signature ok

subject=/C=US/ST=CA/L=San Francisco/O=Splunk/CN=SplunkCommonCA/emailAddress=support@splunk.com

Getting Private key

/etc/rc.d/init.d/functions: line 315: initlog: command not found

/etc/rc.d/init.d/functions: line 286: initlog: command not found

/etc/rc.d/init.d/functions: line 315: initlog: command not found

/etc/rc.d/init.d/functions: line 286: initlog: command not found

Splunk certification is successfully renewed to year 2026

 

Certificate:

    Data:

        Version: 1 (0x0)

        Serial Number: 11897302882686482682 (0xa51bb5efebc238fa)

    Signature Algorithm: sha1WithRSAEncryption

        Issuer: C=US, ST=CA, L=San Francisco, O=Splunk, CN=SplunkCommonCA/emailAddress=support@splunk.com

        Validity

            Not Before: Jun  2 11:19:58 2016 GMT

            Not After : May 31 11:19:58 2026 GMT

        Subject: C=US, ST=CA, L=San Francisco, O=Splunk, CN=SplunkCommonCA/emailAddress=support@splunk.com

        Subject Public Key Info:

            Public Key Algorithm: rsaEncryption

                Public-Key: (1024 bit)

                Modulus:

                    00:c9:99:be:79:ca:f6:a6:d4:6a:86:81:32:b4:75:

                    f1:d7:58:98:81:d0:58:7c:7e:c7:49:15:17:39:77:

                    10:49:3c:56:82:fe:49:66:b5:b2:c5:2d:b6:2e:5d:

                    d0:b6:26:1e:1c:9b:fb:a1:8f:5f:c5:5a:60:34:59:

                    b8:5b:d3:6a:e8:01:5d:37:67:74:97:d2:91:f2:15:

                    ad:d4:77:2a:ab:f5:fe:44:44:9d:00:60:50:3e:cb:

                    95:21:6c:c9:c3:f7:39:61:b3:b2:7c:b9:cb:9b:dd:

                    7b:c0:f2:b9:fb:f5:e8:e4:62:d0:d7:da:b3:10:58:

                    f3:59:60:f7:2b:c5:41:21:8b

                Exponent: 65537 (0x10001)

    Signature Algorithm: sha1WithRSAEncryption

         49:96:c7:36:30:26:37:d9:02:51:2a:49:b0:31:98:ce:a6:e1:

         c2:9e:da:e0:f2:53:87:fa:97:79:01:bf:f1:17:9b:04:7b:fa:

         ec:73:f8:08:ab:61:84:5d:07:c9:57:eb:e2:2c:8a:2f:91:6a:

         58:58:0f:7e:2d:a8:13:2c:d6:11:55:c3:a7:28:2c:c4:60:59:

         5e:4b:bd:2f:2d:3c:e7:79:58:a5:8a:64:54:eb:62:e4:40:f7:

         32:86:ab:2f:f2:6f:3d:b1:a9:76:7d:e8:7d:c8:74:2d:63:09:

         8c:85:3f:fa:3f:28:2e:eb:28:ed:93:76:92:90:8b:8d:70:1b:

         d8:80

 

Script splunk_cert_patch.sh.signed exited with return code 0

Author

Lew Barding (lbarding@cisco.com)

For more information

Please contact Cisco’s TAC team.