Splunk Enterprise Security

How to get multiple issues when enabling ssl on Splunk web with 3rd party certs with requiredClientCert = true?

Path Finder

Hi All,

I want enable mTLS in splunk cluster on all the communication channels. I have peer certificate that works as both server and client.
Enabling ssl is successful when I set

requiredClientCert = false

in web.conf. However when I make requiredClientCert = true I am getting below errors

ERROR X509Verify - X509 certificate (CN=myCompanyCN) failed validation; error=19, reason="self signed certificate in certificate chain"
WARN  SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client certificate B', alert_description='unknown CA'.
WARN  HttpListener - Socket error from while idling: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed - please check the output of the `openssl verify` command for the certificates involved; note that if certificate verification is enabled (requireClientCert or sslVerifyServerCert set to "true"), the CA certificate and the server certificate should not have the same Common Name.

Here are my conf files


enableSplunkdSSL = true
useClientSSLCompression = true
sslVersions = tls1.2
serverCert = $SPLUNK_HOME/etc/auth/mycerts/peer-chain-with-key.pem <=== contains peer cert, key, intermediate certs, root CA cert in this order
caCertFile = $SPLUNK_HOME/etc/auth/mycerts/ca-chain.pem
sslVerifyServerCert = true
requireClientCert = true


# Securing splunk web
enableSplunkWebSSL = true
privKeyPath = etc/auth/mycerts/peer-key.pem
serverCert = etc/auth/mycerts/peer-chain-cert-without-key.pem <==== contains peer cert, int certs & root CA cert in this order
sslVersions = tls1.2
requireClientCert = true

Any help please

Labels (1)
0 Karma
1 Solution

Path Finder

This issue has been resolved when I use sslRootCAPath in web.conf instead of caCertFile

View solution in original post


I suppose you wanted to say in "server.conf" instead of "web.conf". I do get these errors even after configurig sslRootCAPath  in server.conf

0 Karma

Splunk Employee
Splunk Employee


sslRootCAPath = <path>
* The path to a root certificate authority (CA) certificate, in privacy-enhanced
  mail (PEM) format, that splunkd is to use to authenticate client certificates
  under certain specific conditions.
* Splunkd uses the certificate specified at the path defined in this setting only
  when both 'requireClientCert' and 'enableCertBasedUserAuth' have a value of "true".
* If this setting has no value, splunkd falls back to the value of the 'sslRootCAPath'
  setting in server.conf.
* If you have already configured 'sslRootCAPath' in server.conf, the value of this
  setting does not override the setting of the same name in server.conf.
* No default.


0 Karma

Path Finder

This issue has been resolved when I use sslRootCAPath in web.conf instead of caCertFile

Get Updates on the Splunk Community!

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

 Clayton Homes faced the increased challenge of strengthening their security posture as they went through ...

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

We’re happy to announce the release of Mission Control 2.3 which includes several new and exciting features ...

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

Python 2.7, the last release of Python 2, reached End of Life back on January 1, 2020. As part of our larger ...