certificate store overview
has a certificate store used to validate certificates when forming connections to other servers. The certificates in the store are trusted certificate authority (CA) certificates from
mkcert.org and are updated periodically. In almost all cases, can use its certificate store to validate any certificate issued by a commercial certificate authority (CA).
The default certificate store cannot be used to validate self-signed certificates, or certificates issued by an internal CA. You must add these custom certificates to the certificate store.
Important information about the certificate store:
- Certificates are stored in <$PHANTOM_HOME>/etc/certs/
- You add certificates to the <$PHANTOM_HOME>/etc/cacerts.pem file using the import_cert.py tool, located in <$PHANTOM_HOME>/bin/. See Add or remove certificates from the certificate store.
- For more information about how to change the TLS certificate on the platform, see Provide a valid SSL certificate for the connection between Splunk Phantom and Splunk Enterprise in the Use the Splunk Phantom App for Splunk to Forward Events manual.
Add or remove a cluster node from Splunk SOAR (On-premises)
Add, remove, or replace certificates from the certificate store
This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4.0, 5.5.0, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0