Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

installing CA signed cert - TLS certificate is missing or invalid

Space_Crawler
Observer
‎03-18-2025 04:52 PM

Hi,

I am working on installing CA-signed (ssl.com) cert to a splunk enterprise instance, and keep hitting these two errors:

03-18-2025 23:32:08.751 +0000 ERROR UiHttpListener [122666 WebuiStartup] - TLS certificate is missing or invalid, please check your configuration or certificate file.
03-18-2025 23:32:08.751 +0000 ERROR UiHttpListener [122666 WebuiStartup] - Loaded TLS configurations from conf file=web, TLS cert check failed

 

web.conf:

[settings]
mgmtHostPort = 0.0.0.0:8089
enableSplunkWebSSL = true
privKeyPath = /opt/splunk/etc/auth/mycerts/splunk.key
serverCert = /opt/splunk/etc/auth/mycerts/splunk.crt

 

crt file contains the server cert, as well as CA chain concatenated at the end of the file.

Cert file is valid:

[root@splunk mycerts]# openssl x509 -in splunk.crt -noout -enddate
notAfter=Jun 16 19:25:41 2025 GMT

openssl verify -CAfile splunk.ca-bundle splunk.crt
splunk.crt: OK

How exactly does splunk perform "TLS cert", and is there a debug method to figure out what exactly it does not like about the CA-signed cert I am trying to configure?

 

Permissions and cert file ownership are setup correctly (ie, 600/644 and splunk:splunk)

 

Thank you!

Labels (1)
Labels
Tags (1)
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎03-19-2025 01:18 AM

1. Is the certificate in PEM format? (openssl x509 will happily accept other formats)

2. Does the certificate match the private key?

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-18-2025 05:11 PM

Splunk requires the certificate file to be in PEM format with individual certificates in a specific order.  See https://docs.splunk.com/Documentation/Splunk/9.4.1/Security/HowtoprepareyoursignedcertificatesforSpl...

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

Space_Crawler
Observer
‎03-18-2025 05:18 PM

Thanks for a quick reply. I have already validated that as well, the cert file is in the correct order.

Here is an interesting finding, - reading through https://docs.splunk.com/Documentation/Splunk/latest/admin/webconf I noticed the "Default" path values. I have replaced the cert/key in the default location with the same files I am attempting to link through the explicit path - and splunk loaded them correctly, with WebUI becoming accessible.

So this seems to point to the way the path to the cert/key is defined in my config? I have attempted a 'relative' path specification to $SPLUNK_HOME, with the same outcome - it fails as long as I specify the paths to the cert/key in web.conf. If I leave the paths commented out, relying on default values - splunk loads them fine somehow from the default location where I copied them.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...