Contents
Cisco Recommendation and Instruction
Splunk forwarder in VDS-IS uses HTTPS certificate for intercommunication between its modules. This certificate is getting expired on July 21st 2016. Post this date on expiry of the certificate, the Splunk will not be able to communicate internally and all the Splunk communication will be affected.
HTTPS certificate validity should be extended for seamless operation between VDS-IS and VDS-SM.
All the VDS-IS software versions 3.3.x, 4.1.x, 4.2.x, and 4.3.1 will be affected.
VDS-IS customers who are using Splunk on the VDS-IS software version 3.3.x, 4.1.x, 4.2.x and 4.3.1 need to install the patch immediately for seamless operation.
The patch must be installed in both the Service Engines and Service Routers.
To extend the Splunk HTTPS certificate validity, download VDS-IS Splunk Patch from CCO.
VDS-SW Version |
VDS-IS Splunk Patch required? |
4.3.2 b11 |
No |
4.3.1 b14 |
Yes |
4.2.1 b8 |
Yes |
4.1.2 b2 |
Yes |
4.1.1 b19 |
Yes |
4.0.0 b160 |
Yes |
3.3.1 b101 |
Yes |
3.2.1 b15 |
Yes |
Customers installing or upgrading to VDS-IS Release 4.3.2, need not apply the patch as this is taken care in the VDS-IS software version 4.3.2.
The VDS-IS Splunk patch (File Name: splunk_cert_patch.sh.signed) can be downloaded from Release 4.3.2 CCO. To install the patch, perform the following procedure.
Note: Splunk configurations must be enabled in the Service Engine and Service Router before applying the patch.
1. Download the script to VDS-IS Service Engine & Service Router.
2. Validate the script – splunk_cert_patch.sh.signed using “script check <file name> “
3. Execute the script – splunk_cert_patch.sh.signed using “script execute <file name>”
UCS280-QA-02#script check splunk_cert_patch.sh.signed
Script file splunk_cert_patch.sh.signed is valid.
UCS280-QA-02#script execute splunk_cert_patch.sh.signed
Extracted /local/local1/s-renewcerts.sh
Splunk certification in this device is going to expire
Running s-renewcerts.sh script to renew splunk certificate
Signature ok
subject=/C=US/ST=CA/L=San Francisco/O=Splunk/CN=SplunkCommonCA/emailAddress=support@splunk.com
Getting Private key
/etc/rc.d/init.d/functions: line 315: initlog: command not found
/etc/rc.d/init.d/functions: line 286: initlog: command not found
/etc/rc.d/init.d/functions: line 315: initlog: command not found
/etc/rc.d/init.d/functions: line 286: initlog: command not found
Splunk certification is successfully renewed to year 2026
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 11897302882686482682 (0xa51bb5efebc238fa)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=CA, L=San Francisco, O=Splunk, CN=SplunkCommonCA/emailAddress=support@splunk.com
Validity
Not Before: Jun 2 11:19:58 2016 GMT
Not After : May 31 11:19:58 2026 GMT
Subject: C=US, ST=CA, L=San Francisco, O=Splunk, CN=SplunkCommonCA/emailAddress=support@splunk.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:c9:99:be:79:ca:f6:a6:d4:6a:86:81:32:b4:75:
f1:d7:58:98:81:d0:58:7c:7e:c7:49:15:17:39:77:
10:49:3c:56:82:fe:49:66:b5:b2:c5:2d:b6:2e:5d:
d0:b6:26:1e:1c:9b:fb:a1:8f:5f:c5:5a:60:34:59:
b8:5b:d3:6a:e8:01:5d:37:67:74:97:d2:91:f2:15:
ad:d4:77:2a:ab:f5:fe:44:44:9d:00:60:50:3e:cb:
95:21:6c:c9:c3:f7:39:61:b3:b2:7c:b9:cb:9b:dd:
7b:c0:f2:b9:fb:f5:e8:e4:62:d0:d7:da:b3:10:58:
f3:59:60:f7:2b:c5:41:21:8b
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
49:96:c7:36:30:26:37:d9:02:51:2a:49:b0:31:98:ce:a6:e1:
c2:9e:da:e0:f2:53:87:fa:97:79:01:bf:f1:17:9b:04:7b:fa:
ec:73:f8:08:ab:61:84:5d:07:c9:57:eb:e2:2c:8a:2f:91:6a:
58:58:0f:7e:2d:a8:13:2c:d6:11:55:c3:a7:28:2c:c4:60:59:
5e:4b:bd:2f:2d:3c:e7:79:58:a5:8a:64:54:eb:62:e4:40:f7:
32:86:ab:2f:f2:6f:3d:b1:a9:76:7d:e8:7d:c8:74:2d:63:09:
8c:85:3f:fa:3f:28:2e:eb:28:ed:93:76:92:90:8b:8d:70:1b:
d8:80
Script splunk_cert_patch.sh.signed exited with return code 0
Lew Barding (lbarding@cisco.com)
Please contact Cisco’s TAC team.