Update or renew SSL certificates for Nginx, RabbitMQ, or Consul
Secure Sockets Layer (SSL) certificates are automatically updated when you upgrade to a new release. In some cases, you may need to manually update the certificates for Nginx, RabbitMQ, or Consul on your Splunk SOAR (On-premises) deployment.
Clustered deployments of Splunk SOAR (On-premises) require RabbitMQ and Consul for internode coordination. Single instance deployments do not.
A management command, update_certificates, can be used to check the status of, and manually update, SSL certificates for Nginx, RabbitMQ, and Consul.
The following instructions refer to the self-signed SSL certificates shipped with Splunk SOAR (On-premises). If you want to use custom certificates, see Add, remove, or replace certificates from the Splunk SOAR (On-premises) certificate store for more information.
Updating the SSL certificates
To update the SSL certificates for your deployment, follow these steps:
- Connect to your deployment using SSH.
- Change directory to <PHANTOM_HOME>/bin.
- Check the status of your SSL certificates.
phenv update_certificates status
- Stop services. In a clustered deployment, do this on each cluster node.
./stop_phantom.sh
- Start pgbouncer. In a clustered deployment, do this on each cluster node.
./phsvc start pgbouncer
- Update the desired certificates. In a clustered deployment, do this on the primary cluster node.
phenv update_certificates refresh --scope <scope> --verbosity 3
- (Conditional) In a clustered deployment, update the certificates on each other node.
phenv update_certificates refresh --scope <scope> --skip-ca
- Start services. In a clustered deployment, do this on each cluster node, one at a time.
./start_phantom.sh
This process applies only to the default Splunk SOAR (On-premises) self-signed certificates.
When updating the certificates used by Consul and RabbitMQ, all the cluster nodes need to be stopped before refreshing the certificates. Additionally, the certificates on every node need to be refreshed before any of the nodes are started. Start the node that you shut down last first, and use the --skip-ca option for all the nodes except the first one.
update_certificates tool options and examples
This table lists the arguments for the management command update_certificates.
The arguments should be placed anywhere after phenv update_certificates. For example, phenv update_certificates --no-color status.
Argument | Description |
---|---|
-h, --help | Show the help text, then exit. |
--scope {nginx, glusterfs, all, consul_and_rabbitmq} | Set the scope of the certificates that this command will affect. If no scope is specified, the default is all. glusterfs is not currently supported. |
--no-prompt | Set the tool to run without prompting the user for input. |
--skip-ca | Set the tool to run without getting certificate authority information. |
-v {0,1,2,3}, --verbosity {0,1,2,3} | Verbosity level: |
--no-color | Don't colorize the command output. This changes the output to also include the log levels DEBUG, INFO, WARNING, or ERROR. |
--skip-checks | Skip system checks. |

Positional Argument | Description |
---|---|
refresh | Refresh the expiration dates of the specified scope of SSL certificates. |
status | Output the status of the specified scope of SSL certificates. |
Check the status of certificates
You can check the status of your SSL certificates.
phenv update_certificates status
For a standalone system, the output looks similar to the following:
Fetching certificate status for nginx
Nginx ssl certificate:
    Subject: CN=phantom
    Valid until: May 20 2025 at 08:50 AM
For a system with clusters, the output looks similar to the following:
Fetching certificate status for nginx, consul_and_rabbitmq, and glusterfs
Nginx ssl certificate:
    Subject: CN=phantom
    Valid until: Mar 10 2025 at 07:32 PM
Consul & RabbitMQ ca certificate:
    Subject: CN=PhantomRabbitCA
    Valid until: Dec 04 2032 at 07:58 PM
Consul & RabbitMQ server certificate:
    Subject: O=server,CN=10.1.19.113
    Valid until: Dec 04 2032 at 07:58 PM
Consul & RabbitMQ client certificate:
    Subject: O=client,CN=10.1.19.113
    Valid until: Dec 04 2032 at 07:58 PM
Consul on port 8501 (LIVE):
    Subject: CN = 10.1.19.113, O = server
    Valid until: Dec 4 19:58:23 2032 GMT
RabbitMQ on port 5671 (LIVE):
    Subject: CN = 10.1.19.113, O = server
    Valid until: Dec 4 19:58:23 2032 GMT
GlusterFS ca/server certificate:
    Subject: OU=Gluster,O=Phantom,ST=CA,CN=US
    Valid until: Dec 04 2032 at 07:52 PM
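To catch certificates before they expire, the status output shown above can be parsed and checked against a renewal window. The following is an added example, not part of the Splunk documentation or tooling; the function names, the 30-day default, and the assumption that the output arrives as plain text in the layout shown on this page are illustrative.

```python
from datetime import datetime, timedelta

# Constructed sample, modeled on the clustered status output shown above.
SAMPLE_STATUS = """\
Fetching certificate status for nginx, consul_and_rabbitmq, and glusterfs
Nginx ssl certificate:
    Subject: CN=phantom
    Valid until: Mar 10 2025 at 07:32 PM
Consul on port 8501 (LIVE):
    Subject: CN = 10.1.19.113, O = server
    Valid until: Dec 4 19:58:23 2032 GMT
"""

DATE_FORMATS = ("%b %d %Y at %I:%M %p", "%b %d %H:%M:%S %Y GMT")


def parse_valid_until(text):
    """Parse either 'Valid until' layout seen in the output; None if neither fits."""
    text = " ".join(text.split())  # collapse repeated whitespace
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(text, fmt)
        except ValueError:
            continue
    return None


def parse_status(output):
    """Return [(certificate label, expiry datetime or None), ...]."""
    certs, label = [], None
    for line in output.splitlines():
        stripped = line.strip()
        if stripped.startswith("Valid until:") and label:
            certs.append((label, parse_valid_until(stripped.split(":", 1)[1])))
            label = None
        elif stripped.endswith(":") and not stripped.startswith("Subject:"):
            label = stripped[:-1]  # e.g. "Nginx ssl certificate"
    return certs


def expiring(certs, now, days=30):
    """Labels whose expiry is unparseable, already past, or within `days` of now."""
    cutoff = now + timedelta(days=days)
    return [name for name, exp in certs if exp is None or exp <= cutoff]


if __name__ == "__main__":
    for name in expiring(parse_status(SAMPLE_STATUS), datetime.now()):
        print("refresh needed:", name)
```

Time zones are ignored, which a day-level threshold tolerates. An unparseable date is reported rather than skipped, so a change in the output layout shows up as an alert instead of a silent pass.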
Update the expiration date of certificates
This example updates the expiration date of the nginx SSL certificate on a single-instance deployment of Splunk SOAR (On-premises).
phenv update_certificates --skip-ca -v 2 refresh
Refreshing the following certificates: nginx
Shell command: openssl x509 -in /opt/phantom/etc/ssl/certs/httpd_cert.crt -pubkey -noout
b'-----BEGIN PUBLIC KEY-----'
KEY SIGNATURE APPEARS HERE
b'-----END PUBLIC KEY-----'
Command: /opt/phantom/bin/phsvc restart nginx
Shell command: /opt/phantom/bin/phsvc restart nginx
Stopping NGINX: [ OK ]
Starting NGINX: [ OK ]
Nginx certificate refreshed:
Loading cert from /opt/phantom/etc/ssl/certs/httpd_cert.crt
Nginx ssl certificate:
    Subject: CN=phantom
    Valid until: Apr 14 2025 at 07:11 PM
All done!
This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.1.0, 5.2.1, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4.0, 5.5.0, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.2.1, 6.2.2, 6.3.0