Hi,
I am working on installing a CA-signed (ssl.com) cert on a Splunk Enterprise instance, and keep hitting these two errors:
03-18-2025 23:32:08.751 +0000 ERROR UiHttpListener [122666 WebuiStartup] - TLS certificate is missing or invalid, please check your configuration or certificate file.
03-18-2025 23:32:08.751 +0000 ERROR UiHttpListener [122666 WebuiStartup] - Loaded TLS configurations from conf file=web, TLS cert check failed
web.conf:
[settings]
mgmtHostPort = 0.0.0.0:8089
enableSplunkWebSSL = true
privKeyPath = /opt/splunk/etc/auth/mycerts/splunk.key
serverCert = /opt/splunk/etc/auth/mycerts/splunk.crt
The crt file contains the server cert, as well as the CA chain concatenated at the end of the file.
Cert file is valid:
[root@splunk mycerts]# openssl x509 -in splunk.crt -noout -enddate
notAfter=Jun 16 19:25:41 2025 GMT
openssl verify -CAfile splunk.ca-bundle splunk.crt
splunk.crt: OK
How exactly does Splunk perform the "TLS cert check", and is there a debug method to figure out what exactly it does not like about the CA-signed cert I am trying to configure?
Permissions and cert file ownership are set up correctly (i.e., 600/644 and splunk:splunk).
Thank you!
1. Is the certificate in PEM format? (openssl x509 will happily accept other formats)
2. Does the certificate match the private key?
Splunk requires the certificate file to be in PEM format with individual certificates in a specific order. See https://docs.splunk.com/Documentation/Splunk/9.4.1/Security/HowtoprepareyoursignedcertificatesforSpl...
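The three checks the replies above ask about (PEM encoding, key/certificate match, leaf-first ordering), as an added example that is not part of the original thread or Splunk's own validation code. It assumes an unencrypted private key and the openssl CLI on PATH; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for a Splunk Web certificate/key pair.
# Assumptions: unencrypted private key, openssl CLI available.

# 1. The file must be PEM text; DER or PKCS#12 input has no such header.
is_pem_cert() {
    grep -q '^-----BEGIN CERTIFICATE-----' "$1"
}

# 2. The public key in the first certificate must equal the key file's.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 3. Leaf first: each certificate must be issued by the one that follows it.
#    This compares issuer/subject names only, it does not verify signatures.
chain_in_order() {
    dir=$(mktemp -d) || return 1
    awk -v d="$dir" '/-----BEGIN CERTIFICATE-----/ {n++}
         n {print > (d "/" n ".pem")}' "$1"
    i=1 rc=0
    [ -f "$dir/1.pem" ] || rc=1
    while [ -f "$dir/$((i + 1)).pem" ]; do
        issuer=$(openssl x509 -in "$dir/$i.pem" -noout -issuer_hash)
        subject=$(openssl x509 -in "$dir/$((i + 1)).pem" -noout -subject_hash)
        [ "$issuer" = "$subject" ] || rc=1
        i=$((i + 1))
    done
    rm -rf "$dir"
    return "$rc"
}

# Usage: sh check.sh /path/to/splunk.crt /path/to/splunk.key
if [ "$#" -eq 2 ]; then
    if is_pem_cert "$1"; then echo "PEM: ok"; else echo "PEM: FAIL"; fi
    if key_matches_cert "$1" "$2"; then echo "key: ok"; else echo "key: FAIL"; fi
    if chain_in_order "$1"; then echo "order: ok"; else echo "order: FAIL"; fi
fi
```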
Thanks for a quick reply. I have already validated that as well, the cert file is in the correct order.
Here is an interesting finding: reading through https://docs.splunk.com/Documentation/Splunk/latest/admin/webconf I noticed the "Default" path values. I have replaced the cert/key in the default location with the same files I am attempting to link through the explicit path - and Splunk loaded them correctly, with WebUI becoming accessible.
So this seems to point to the way the path to the cert/key is defined in my config? I have attempted a 'relative' path specification to $SPLUNK_HOME, with the same outcome - it fails as long as I specify the paths to the cert/key in web.conf. If I leave the paths commented out, relying on default values - Splunk loads them fine somehow from the default location where I copied them.