×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
David_Loureiro
Observer
Member since: ‎03-26-2026
2 weeks ago
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎03-26-2026
View All

Splunk Enterprise 10.0.2 - "Find More Apps" fails ...

by in Splunk Enterprise Security
‎03-26-2026 09:15 AM
‎03-26-2026 09:15 AM
Hello, I am facing an issue in Splunk Enterprise 10.0.2 with ES installed when opening Apps > Find More Apps. The page does not load correctly and eventually fails. At different times I have seen: JSON/UI loading errors HTTP 502 during backend calls 500 Internal Server Error in Splunk Web The most relevant errors in splunkd.log appear exactly when opening Find More Apps: ERROR X509Verify - Server X509 certificate (CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US) failed validation; error=19, reason="self-signed certificate in certificate chain" WARN SSLCommon - Received fatal SSL3 alert. ssl_state='error', alert_description='unknown CA' WARN HttpClientRequest - Returning error HTTP/1.1 502 Error connecting: error:0A000086:SSL routines::certificate verify failed Environment/details: Splunk Enterprise: 10.0.2 ES installed No outbound proxy No reverse proxy intended in this troubleshooting path Custom internal CA is used for Splunk server certificate (mTLS with UF) Current relevant sslConfig effective settings: [sslConfig] caTrustStore = splunk,os caTrustStorePath = /etc/ssl/certs sslRootCAPath = /opt/splunk/etc/auth/combined_ca.pem cliVerifyServerName = false Important detail: Default /opt/splunk/etc/auth/cacert.pem contains only SplunkCommonCA My custom combined_ca.pem contains: SplunkCommonCA my internal CA So the custom bundle is effectively default Splunk CA + internal CA. What is confusing me is: before introducing the custom CA/trust-store change, Find More Apps was working after the change, opening Find More Apps consistently produces the DigiCert/X509 validation failure above Other checks: splunkd is running KV Store status is ready issue is specifically reproducible when opening Find More Apps My questions: Which trust store/certificate bundle is actually used by the Find More Apps outbound HTTPS flow? Why would validation fail against DigiCert Global Root G2 in this path? Has anyone seen this in Splunk Enterprise 10.0.2? What is the supported way to include a custom internal CA without breaking outbound public CA validation for Splunkbase/App Browser access? Any guidance would be appreciated. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
2 weeks ago