Splunk Enterprise Security

How to get multiple issues when enabling ssl on Splunk web with 3rd party certs with requiredClientCert = true?

Path Finder

Hi All,

I want enable mTLS in splunk cluster on all the communication channels. I have peer certificate that works as both server and client.
Enabling ssl is successful when I set

requiredClientCert = false

in web.conf. However when I make requiredClientCert = true I am getting below errors

ERROR X509Verify - X509 certificate (CN=myCompanyCN) failed validation; error=19, reason="self signed certificate in certificate chain"
WARN  SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client certificate B', alert_description='unknown CA'.
WARN  HttpListener - Socket error from while idling: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed - please check the output of the `openssl verify` command for the certificates involved; note that if certificate verification is enabled (requireClientCert or sslVerifyServerCert set to "true"), the CA certificate and the server certificate should not have the same Common Name.

Here are my conf files


enableSplunkdSSL = true
useClientSSLCompression = true
sslVersions = tls1.2
serverCert = $SPLUNK_HOME/etc/auth/mycerts/peer-chain-with-key.pem <=== contains peer cert, key, intermediate certs, root CA cert in this order
caCertFile = $SPLUNK_HOME/etc/auth/mycerts/ca-chain.pem
sslVerifyServerCert = true
requireClientCert = true


# Securing splunk web
enableSplunkWebSSL = true
privKeyPath = etc/auth/mycerts/peer-key.pem
serverCert = etc/auth/mycerts/peer-chain-cert-without-key.pem <==== contains peer cert, int certs & root CA cert in this order
sslVersions = tls1.2
requireClientCert = true

Any help please

Labels (1)
0 Karma
1 Solution

Path Finder

This issue has been resolved when I use sslRootCAPath in web.conf instead of caCertFile

View solution in original post


I suppose you wanted to say in "server.conf" instead of "web.conf". I do get these errors even after configurig sslRootCAPath  in server.conf

0 Karma

Splunk Employee
Splunk Employee


sslRootCAPath = <path>
* The path to a root certificate authority (CA) certificate, in privacy-enhanced
  mail (PEM) format, that splunkd is to use to authenticate client certificates
  under certain specific conditions.
* Splunkd uses the certificate specified at the path defined in this setting only
  when both 'requireClientCert' and 'enableCertBasedUserAuth' have a value of "true".
* If this setting has no value, splunkd falls back to the value of the 'sslRootCAPath'
  setting in server.conf.
* If you have already configured 'sslRootCAPath' in server.conf, the value of this
  setting does not override the setting of the same name in server.conf.
* No default.


0 Karma

Path Finder

This issue has been resolved when I use sslRootCAPath in web.conf instead of caCertFile

Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...