Splunk Enterprise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

installing CA signed cert - TLS certificate is missing or invalid

Space_Crawler
Observer
3 weeks ago

Hi,

I am working on installing CA-signed (ssl.com) cert to a splunk enterprise instance, and keep hitting these two errors:

03-18-2025 23:32:08.751 +0000 ERROR UiHttpListener [122666 WebuiStartup] - TLS certificate is missing or invalid, please check your configuration or certificate file.
03-18-2025 23:32:08.751 +0000 ERROR UiHttpListener [122666 WebuiStartup] - Loaded TLS configurations from conf file=web, TLS cert check failed

 

web.conf:

[settings]
mgmtHostPort = 0.0.0.0:8089
enableSplunkWebSSL = true
privKeyPath = /opt/splunk/etc/auth/mycerts/splunk.key
serverCert = /opt/splunk/etc/auth/mycerts/splunk.crt

 

crt file contains the server cert, as well as CA chain concatenated at the end of the file.

Cert file is valid:

[root@splunk mycerts]# openssl x509 -in splunk.crt -noout -enddate
notAfter=Jun 16 19:25:41 2025 GMT

openssl verify -CAfile splunk.ca-bundle splunk.crt
splunk.crt: OK

How exactly does splunk perform "TLS cert", and is there a debug method to figure out what exactly it does not like about the CA-signed cert I am trying to configure?

 

Permissions and cert file ownership are setup correctly (ie, 600/644 and splunk:splunk)

 

Thank you!

Labels (1)
Labels
Tags (1)
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
3 weeks ago

1. Is the certificate in PEM format? (openssl x509 will happily accept other formats)

2. Does the certificate match the private key?

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
3 weeks ago

Splunk requires the certificate file to be in PEM format with individual certificates in a specific order.  See https://docs.splunk.com/Documentation/Splunk/9.4.1/Security/HowtoprepareyoursignedcertificatesforSpl...

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

Space_Crawler
Observer
3 weeks ago

Thanks for a quick reply. I have already validated that as well, the cert file is in the correct order.

Here is an interesting finding, - reading through https://docs.splunk.com/Documentation/Splunk/latest/admin/webconf I noticed the "Default" path values. I have replaced the cert/key in the default location with the same files I am attempting to link through the explicit path - and splunk loaded them correctly, with WebUI becoming accessible.

So this seems to point to the way the path to the cert/key is defined in my config? I have attempted a 'relative' path specification to $SPLUNK_HOME, with the same outcome - it fails as long as I specify the paths to the cert/key in web.conf. If I leave the paths commented out, relying on default values - splunk loads them fine somehow from the default location where I copied them.

0 Karma
Reply
Get Updates on the Splunk Community!

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...
Top