Splunk® Phantom (Legacy)

Administer Splunk Phantom

Splunk Phantom 4.10.7 is the final release of Splunk's Security Orchestration, Automation, and Response (SOAR) system to be called Splunk Phantom. All later versions are named Splunk SOAR (On-premises). For more information, see the Splunk SOAR (On-premises) documentation.

Add or remove certificates from the certificate store

To add a custom certificate to the certificate store:

phenv python3 /opt/phantom/bin/import_cert.py -i /tmp/ca.crt
/opt/phantom/bin/phsvc restart uwsgi

In this example, the import_cert.py script is copying the certificate file ca.crt to the /opt/phantom/etc/certs/ directory, then consolidating all the files in that directory to the /opt/phantom/etc/cacerts.pem file. The cacerts.pem file is used by to verify all server certificates.

The /opt/phantom/bin/phsvc restart uwsgi restarts the web server so the updated cacerts.pem file is reloaded.

If you need to remove a certificate that you have previously installed, perform the following tasks:

  1. Delete the file for that certificate from /opt/phantom/etc/certs/.
  2. Run the import_cert.py script with no parameters.
  3. Restart the web server.
Last modified on 07 September, 2021
certificate store overview   Troubleshooting certificate issues

This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters