Splunk® SOAR (On-premises)

Administer Splunk SOAR (On-premises)

As of version 6.4.0, the visual editor for classic playbooks is no longer part of Splunk SOAR. Before upgrading, convert your classic playbooks to modern mode. Your classic playbooks will continue to run and you can view and edit them in the SOAR Python code editor.
For details, see:
This documentation does not apply to the most recent version of Splunk® SOAR (On-premises). For documentation on the most recent version, go to the latest release.

Add or remove certificates from the certificate store

To add a custom certificate to the certificate store: 

phenv python3 /opt/phantom/bin/import_cert.py -i /tmp/ca.crt
/opt/phantom/bin/phsvc restart uwsgi

In this example, the import_cert.py script is copying the certificate file ca.crt to the /opt/phantom/etc/certs/ directory, then consolidating all the files in that directory to the /opt/phantom/etc/cacerts.pem file. The cacerts.pem file is used by to verify all server certificates.

The /opt/phantom/bin/phsvc restart uwsgi restarts the web server so the updated cacerts.pem file is reloaded.

If you need to remove a certificate that you have previously installed, perform the following tasks:

  1. Delete the file for that certificate from /opt/phantom/etc/certs/.
  2. Run the import_cert.py script with no parameters.
  3. Restart the web server.

Do not store files other than .crt or .pem in /etc/certs/. Storing other kinds of files in that directory can corrupt the cacerts.pem file when new certs are imported.

Last modified on 12 July, 2024
certificate store overview   Troubleshooting certificate issues

This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.1.0, 5.2.1, 5.3.1, 5.3.2

Acrobat logo Download manual
Acrobat logo Download this page

Please expect delayed responses to documentation feedback while the team migrates content to a new system. We value your input and thank you for your patience as we work to provide you with an improved content experience!

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters