Splunk® Phantom

Administer Splunk Phantom

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of Phantom. Click here for the latest version.
Acrobat logo Download topic as PDF

Add or remove certificates from the Splunk Phantom certificate store

To add a custom certificate to the certificate store:

phenv python2.7 /opt/phantom/bin/import_cert.py -i /tmp/ca.crt
service uwsgi restart

In this example, the import_cert.py script is copying the certificate file ca.crt to the /opt/phantom/etc/certs/ directory, then consolidating all the files in that directory to the /opt/phantom/etc/cacerts.pem file. The cacerts.pem file is used by Splunk Phantom to verify all server certificates.

The service uswgi restart restarts the web server so the updated cacerts.pem file is reloaded.

If you need to remove a certificate that you have previously installed, perform the following tasks:

  1. Delete the file for that certificate from /opt/phantom/etc/certs/.
  2. Run the import_cert.py script with no parameters.
  3. Restart the web server.
Last modified on 20 October, 2020
PREVIOUS
Splunk Phantom certificate store overview
  NEXT
Troubleshooting certificate issues

This documentation applies to the following versions of Splunk® Phantom: 4.8


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters