As of version 6.4.0, the visual editor for classic playbooks is no longer part of Splunk SOAR. Before upgrading, convert your classic playbooks to modern mode. Your classic playbooks will continue to run and you can view and edit them in the SOAR Python code editor.
For details, see:
For details, see:
Renew IdP certificates
Identity provider (IdP) certificates are automatically created when you install Splunk SOAR (On-premises) and have an an expiry date of two years from the time they were created. To renew Splunk SOAR (On-premises) IdP certificates, follow these steps:
- Connect to your Splunk SOAR (On-premises) deployment using SSH.
- Navigate to the
/<PHANTOM_HOME>/keystoredirectory and create a folder and name itcert.save. - Copy all existing certificates listed in the
/<PHANTOM_HOME>/keystoredirectory to thecert.savefolder. - Delete all pem or der files in the
/<PHANTOM_HOME>/keystoredirectory exceptprivate_key.pem.private_key.pemis used to decrypt the password and will not be updated. - Change directory to /<PHANTOM_HOME>/bin.
- Update the current certificate files by running the following command:
phenv python /opt/phantom/bin/initialize.py --set-auth-keys --force
The new IdP certificates are generated under the /<PHANTOM_HOME>/keystore directory and are valid for 2 years. If necessary, you can then copy the relevant public signing key to your IdP.
- If you use SAML, copy
public_sig_saml2.pemto your IdP. - If you use OIDC, copy
public_sig_oidc.derto your IdP.
Last modified on 24 April, 2023
| Update or renew SSL certificates for Nginx, RabbitMQ, or Consul | Splunk SOAR (On-premises) backup and restore overview |
This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.1.0, 5.2.1, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4.0, 5.5.0, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.2.1, 6.2.2, 6.3.0, 6.3.1, 6.4.0
Download manual
Feedback submitted, thanks!