Splunk Web TLS from DigiCert PFX: restart hangs at “Waiting for web server …” and CA-bundle confusion

zksvc
Contributor

Hi all,

I’m trying to enable TLS on Splunk using a DigiCert certificate that I only have as a .pfx. I keep running into errors and I’m not fully sure whether my approach is correct. I’ve read several Splunk docs (server.conf/web.conf TLS settings, securing Splunk Web, certificate how-to’s), but the issue remains. I’d appreciate pointers to official, end-to-end guidance for the “I only have a PFX” scenario, and to hear if anyone has seen the same symptoms.


Environment

  • Splunk Enterprise: 9.x
  • OS: Linux (Ubuntu)
  • Goal: Use DigiCert certificate for Splunk Web (port 8000)
  • Inputs available: one .pfx file (exported from Windows/IIS)


PickleRick
SplunkTrust

PFX is a PKCS12 file, which means you probably requested the CA to create a privkey/cert bundle for you (which is not the best idea - it's more secure to create our own pkey and only submit a CSR to the CA, but that's not the point here).

Splunk doesn't handle PKCS12. It needs PEM-formatted crypto material. You need to use an external tool to extract the pkey and cert (and probably the cert chain) from the pfx file into separate PEM files. You can use the openssl bundled with Splunk for this purpose. You could try Java's keytool, but I find its use more confusing.

Anyway, there are a lot of howtos on the internet about converting pkcs12 to pem.

EDIT: Oh, I see you have a file exported from a server on which it's already used. That means that it's either a wildcard cert (which is often a bad idea unless you have a TLS-terminating device at the perimeter of your environment) or you're trying to reuse some other subject's certificate (which is almost never a good idea).
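
The PKCS12-to-PEM extraction described in the answer above, as an added example that is not part of the original thread: it splits a .pfx into a private key and a leaf-plus-chain certificate file, then checks that the key and certificate actually belong together. The output file names and the `PFX_PASS` variable are assumptions, and the sample PFX is a constructed throwaway.

```shell
#!/bin/sh
# Added example, not from the thread: split a .pfx into PEM files for Splunk Web.
# Assumptions: output file names are hypothetical; OPENSSL can be set to Splunk's
# bundled binary, e.g. OPENSSL="$SPLUNK_HOME/bin/splunk cmd openssl".
OPENSSL=${OPENSSL:-openssl}

# pfx_to_pem <file.pfx> <outdir>
# The PFX password is read from $PFX_PASS so it stays out of the process list.
pfx_to_pem() (
  pfx=$1; out=$2
  umask 077                       # key material must not be readable by others
  mkdir -p "$out"
  # Private key, left unencrypted (-nodes); "pkey" drops the Bag Attributes text.
  $OPENSSL pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes |
    $OPENSSL pkey -out "$out/splunkweb.key" || exit 1
  # Leaf (server) certificate only.
  $OPENSSL pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys |
    $OPENSSL x509 -out "$out/leaf.pem" || exit 1
  # Intermediate/root certificates, if the export included them (may be empty).
  $OPENSSL pkcs12 -in "$pfx" -passin env:PFX_PASS -cacerts -nokeys |
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > "$out/chain.pem"
  # Server certificate file: leaf first, then the rest of the chain.
  cat "$out/leaf.pem" "$out/chain.pem" > "$out/splunkweb.pem"
)

# key_matches_cert <key.pem> <cert.pem>
# Succeeds only if the key and the first certificate hold the same public key.
key_matches_cert() (
  k=$($OPENSSL pkey -in "$1" -pubout) || exit 1
  c=$($OPENSSL x509 -in "$2" -noout -pubkey) || exit 1
  [ "$k" = "$c" ]
)

# Constructed sample input: a throwaway self-signed cert packed into a PFX.
make_sample_pfx() (
  d=$1; mkdir -p "$d"
  $OPENSSL req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=splunk.example.test" \
    -keyout "$d/k.pem" -out "$d/c.pem" 2>/dev/null &&
  $OPENSSL pkcs12 -export -inkey "$d/k.pem" -in "$d/c.pem" \
    -passout env:PFX_PASS -out "$d/sample.pfx"
)
```

The resulting key and certificate files are what `privKeyPath` and `serverCert` in web.conf would point at. If OpenSSL 3.x rejects an older Windows export with an unsupported-algorithm error, its `pkcs12` command accepts `-legacy`.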
