Splunk® SOAR (On-premises)

Administer Splunk SOAR (On-premises)

The classic playbook editor will be deprecated soon. Convert your classic playbooks to modern mode.
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:

Troubleshooting certificate issues

Even after importing the correct certificate, you might notice that the server still reports connectivity issues, which could be related to the certificate. In addition to the certificate being available for validation, it is important to remember some key points about certificate validation:

  • The OpenSSL library used must validate a full certificate chain. This means that you cannot just install the end certificate, such as the one on the web server. If it was signed by a parent certificate, then the parent certificate is the one that must be installed. Though, if it's a true self-signed certificate, where it is signed by itself, and has no other parent, then install that certificate.
  • Any required intermediate certificates must be present. Many CAs have a root certificate, and then one or more levels of intermediate, issuer, certificates, and then the actual server certificate. It's customary that the server be configured to serve both its own certificate as well as the intermediates, and that the client has the root to complete the chain. However, if the server is not configured to serve the intermediates, then the intermediates must also be installed in the certificate store.
  • Certificates must be within their date range. That is, it must be after the valid from date and before the expiration date in the certificate.
  • Certificates must use a valid Common Name (CN) or Subject Alternative Name (SAN) field and must be configured to use the resource by that name. Wildcard certificates will also work as expected. For example, you might have a server known as server.example.com at IP address In order for the SSL/TLS connection to it to succeed, must be configured to use the full name, server.example.com. Using a short name of "server" or using the IP address does not work.
Last modified on 29 June, 2023
Add, remove, or replace certificates from the certificate store   Update or renew SSL certificates for Nginx, RabbitMQ, or Consul

This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4.0, 5.5.0, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.2.1, 6.2.2

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters