Renew IdP certificates
Identity provider (IdP) certificates are automatically created when you install and have an an expiry date of two years from the time they were created. To renew IdP certificates, follow these steps:
- Connect to your Splunk SOAR (On-premises) deployment using SSH.
- Navigate to the
/<PHANTOM_HOME>/keystoredirectory and create a folder and name it
- Copy all existing certificates listed in the
/<PHANTOM_HOME>/keystoredirectory to the
- Delete all pem or der files in the
private_key.pemis used to decrypt the password and will not be updated.
- Change directory to /<PHANTOM_HOME>/bin.
- Update the current certificate files by running the following command:
phenv python /opt/phantom/bin/initialize.py --set-auth-keys --force
The new IdP certificates are generated under the
/<PHANTOM_HOME>/keystore directory and are valid for 2 years. If necessary, you can then copy the relevant public signing key to your IdP.
- If you use SAML, copy
public_sig_saml2.pemto your IdP.
- If you use OIDC, copy
public_sig_oidc.derto your IdP.
Update or renew SSL certificates for Nginx, RabbitMQ, or Consul
backup and restore overview
This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.1.0, 5.2.1, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4.0, 5.5.0, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1