For details, see:
Renew IdP certificates
Identity provider (IdP) certificates are automatically created when you install Splunk SOAR (On-premises) and have an an expiry date of two years from the time they were created. To renew Splunk SOAR (On-premises) IdP certificates, follow these steps:
- Connect to your Splunk SOAR (On-premises) deployment using SSH.
- Navigate to the
/<PHANTOM_HOME>/keystore
directory and create a folder and name itcert.save
. - Copy all existing certificates listed in the
/<PHANTOM_HOME>/keystore
directory to thecert.save
folder. - Delete all pem or der files in the
/<PHANTOM_HOME>/keystore
directory exceptprivate_key.pem
.private_key.pem
is used to decrypt the password and will not be updated. - Change directory to /<PHANTOM_HOME>/bin.
- Update the current certificate files by running the following command:
phenv python /opt/phantom/bin/initialize.py --set-auth-keys --force
The new IdP certificates are generated under the /<PHANTOM_HOME>/keystore
directory and are valid for 2 years. If necessary, you can then copy the relevant public signing key to your IdP.
- If you use SAML, copy
public_sig_saml2.pem
to your IdP. - If you use OIDC, copy
public_sig_oidc.der
to your IdP.
Update or renew SSL certificates for Nginx, RabbitMQ, or Consul | Splunk SOAR (On-premises) backup and restore overview |
This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.1.0, 5.2.1, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4.0, 5.5.0, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.2.1, 6.2.2, 6.3.0, 6.3.1, 6.4.0
Feedback submitted, thanks!