KVStore specific cert

Abass42
Communicator

I would like to know how to properly configure my kvstore stanza to use my own self-generated Server/Client authentication enabled x509 EKU file.

Currently, I needed a trusted cert with a SAN value to communicate with an integration we are trying to set up, Prophet AI. I have a cert signed with DigiCert, and it's valid. Checked it multiple times. After going through the errors in the Splunk logs, I see that the KV store needed a Client/Server auth, which my trusted cert doesn't contain. I found through some reading that I can use a separate cert for the kvstore.

I have configured another cert, one with the correct X509 EKU stanzas, for Client/server auth, but I cannot seem to figure out what values I need to map the file locations to. A lot of the values I am seeing on the internet and through AI summaries are values found under [sslConfig], which I have configured to use the main trusted DigiCert.

So upon restarting, I get

Invalid key in stanza [kvstore] in /export/opt/splunk/etc/system/local/server.conf, line 39: enableSSL (value: true).
Invalid key in stanza [kvstore] in /export/opt/splunk/etc/system/local/server.conf, line 40: sslPrivateKey (value: /export/opt/splunk/etc/auth/kvstore/kvstore.key).

The main values I keep seeing are:

  • caCertFile
  • sslRootCApath (main pem file, as specified under my original sslConfig stanza)
  • sslPrivateKey or SSL password

 

My main ssl Config looks like this, which seems to be valid:

 

[sslConfig]
enableSplunkdSSL = true
serverCert = /export/opt/splunk/etc/auth/mycerts/server.pem
sslRootCAPath = /export/opt/splunk/etc/auth/mycerts/ca.crt

 

 

I don't see any stanza to specify the cert private key, so I am guessing you need the priv-Key stanza alongside the server cert for the server.pem, and the chain under the ca.crt

My question is, what values and path values do I use when setting up and mapping my proper certs to the kv store, as it keeps failing to start up due to a mismatch in certs.

I am using this link for reference: KV Store settings under Server.conf 

 

Thank you

0 Karma

PickleRick
SplunkTrust

I've never set a separate cert just for kvstore, but assuming that the config works the same as the general splunkd one, your serverCert file should consist of the concatenated subject cert, private key, and certification chain.

 

0 Karma
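The file layout described in the reply above (subject cert, private key, certification chain) can be checked before restarting splunkd. This is an added example, not part of the thread or of Splunk's tooling: the function names and sample blocks are constructed, and it inspects PEM block order only, not certificate contents or EKU.

```python
import re
import sys

# One PEM block; group 1 is the label, e.g. CERTIFICATE or RSA PRIVATE KEY.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?\r?\n-----END \1-----", re.DOTALL)


def pem_labels(text):
    """Return the labels of all PEM blocks in the order they appear."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]


def check_bundle_layout(text):
    """Return a list of problems; empty means the file is laid out as
    subject cert, private key, then zero or more chain certificates."""
    labels = pem_labels(text)
    problems = []
    if text.count("-----BEGIN ") != len(labels):
        problems.append("malformed PEM: a BEGIN line has no matching END")
    if not labels or labels[0] != "CERTIFICATE":
        problems.append("first block is not a certificate")
    keys = [i for i, lab in enumerate(labels) if lab.endswith("PRIVATE KEY")]
    if len(keys) != 1:
        problems.append(f"expected exactly one private key, found {len(keys)}")
    elif keys[0] != 1:
        problems.append(f"private key is block {keys[0] + 1}, expected block 2")
    other = [lab for lab in labels
             if lab != "CERTIFICATE" and not lab.endswith("PRIVATE KEY")]
    if other:
        problems.append("unexpected block type: " + ", ".join(other))
    return problems


def _fake(label):
    # Constructed placeholder block; the body is not real cert or key material.
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"


GOOD = _fake("CERTIFICATE") + _fake("PRIVATE KEY") + _fake("CERTIFICATE")
KEY_LAST = _fake("CERTIFICATE") + _fake("CERTIFICATE") + _fake("RSA PRIVATE KEY")

if __name__ == "__main__":
    # With a path argument, check that file; otherwise run the constructed samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="ascii", errors="replace") as fh:
            print(check_bundle_layout(fh.read()) or "layout OK")
    else:
        print(check_bundle_layout(GOOD), check_bundle_layout(KEY_LAST))
```

An encrypted key block (label ending in ENCRYPTED PRIVATE KEY) passes the layout check but still needs its passphrase configured separately.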

livehybrid
SplunkTrust

Hi @Abass42

There is a good page at https://help.splunk.com/en/splunk-enterprise/administer/admin-manual/9.4/administer-the-app-key-valu... which walks you through how to ensure your certificate is correct for KV Store usage as well as how to set up your server.conf for your custom KV Store, so I would recommend checking it out!


Abass42
Communicator

I meant to include that I was using that page as a reference.

I am going through, command by command, generating the certs as recommended by Copilot, and testing them using that reference link. Thank you.

Looks like I need to specifically use sslRootCAPath and caCertFile. I need to make sure that the cert and associated chains are formatted properly.

I'll post the walkthrough, if it works, at the end of this forum post.

Thanks,

0 Karma