Using your own CA with LDAP

From Splunk Wiki


This topic is under review and may not be accurate.

If your LDAP server requires your own CA for SSL use, follow these instructions to import it.

Import your CA

To configure Splunk's LDAPS to work with your own CA, follow these steps:

1. Export your root CA cert in Base-64 encoded X.509 format.

2. Add these lines to $SPLUNK_HOME/etc/openldap/ldap.conf, making sure that each path is the actual path to the file/directory:

TLS_CACERT /opt/splunk/etc/openldap/certs/$YOUR_CERT_NAME
TLS_CACERTDIR /opt/splunk/etc/openldap/certs

In Windows, make sure to use a path in the following format with quotes if there are any spaces in the pathname:

TLS_CACERT "D:\Program Files\Splunk\etc\openldap\certs\$YOUR_CERT_NAME"
TLS_CACERTDIR "D:\Program Files\Splunk\etc\openldap\certs"

For newer versions of Windows/Splunk (tested with Windows Server 2012 R2 and Splunk 7.3.2), putting quotes around a file path might result in an error. If you get the error 'Error binding to LDAP. reason="Can't contact LDAP server"' even though every other setting is correct, try removing the quotes around the path. YMMV.

3. Select a value for TLS_REQCERT according to your needs from allow, try or demand; see the ldap.conf manpage, the OpenLDAP website, or

4. Create the directory $SPLUNK_HOME/etc/openldap/certs.

5. Place the exported CA cert at $SPLUNK_HOME/etc/openldap/certs/$YOUR_CERT_NAME.

6. Restart Splunk.

7. In Splunk Web, navigate to Manager > Authentication method.

  • Click Reload Authentication Configuration at the bottom of the page.

8. You can now map the designated AD groups to the respective roles in Splunk.
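A pre-flight check for steps 2 to 5, added here as an example and not part of the Splunk wiki or the Splunk product: a shell function that reads ldap.conf, confirms the TLS_CACERT file exists and is Base-64 (PEM) encoded, checks that TLS_CACERTDIR exists, and flags a TLS_REQCERT value that would not strictly enforce validation against your CA. It assumes a Unix-style layout with no spaces in paths; the sample ldap.conf and certificate body it builds are constructed placeholders.

```shell
# Check $SPLUNK_HOME/etc/openldap/ldap.conf before restarting Splunk (step 6).
# Usage: check_ldap_tls_conf /opt/splunk/etc/openldap/ldap.conf
# Returns 0 when the TLS settings look sane, 1 otherwise; reasons go to stderr.
check_ldap_tls_conf() {
    conf="$1"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    # Last occurrence wins, as in ldap.conf; strip surrounding quotes (Windows style).
    cacert=$(awk '$1=="TLS_CACERT"{v=$2} END{print v}' "$conf" | sed 's/^"//; s/"$//')
    cadir=$(awk '$1=="TLS_CACERTDIR"{v=$2} END{print v}' "$conf" | sed 's/^"//; s/"$//')
    reqcert=$(awk '$1=="TLS_REQCERT"{v=$2} END{print v}' "$conf")
    ok=0
    [ -n "$cacert" ] || { echo "TLS_CACERT is not set" >&2; ok=1; }
    if [ -n "$cacert" ]; then
        [ -r "$cacert" ] || { echo "TLS_CACERT file missing: $cacert" >&2; ok=1; }
        # Step 1 asks for Base-64 X.509 (PEM); a DER export has no such header.
        grep -q 'BEGIN CERTIFICATE' "$cacert" 2>/dev/null \
            || { echo "$cacert is not a PEM-encoded certificate" >&2; ok=1; }
    fi
    [ -z "$cadir" ] || [ -d "$cadir" ] || { echo "TLS_CACERTDIR missing: $cadir" >&2; ok=1; }
    # OpenLDAP defaults to demand when TLS_REQCERT is absent.
    case "${reqcert:-demand}" in
        demand|hard) ;;   # server certificate must validate against the CA
        try|allow|never)
            echo "warning: TLS_REQCERT=$reqcert does not require a valid server certificate" >&2 ;;
        *) echo "invalid TLS_REQCERT value: $reqcert" >&2; ok=1 ;;
    esac
    return $ok
}

# Demo with a constructed ldap.conf and a placeholder PEM body (not a real CA).
demo=$(mktemp -d)
printf -- '-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n' > "$demo/myca.pem"
printf 'TLS_CACERT %s\nTLS_CACERTDIR %s\nTLS_REQCERT demand\n' "$demo/myca.pem" "$demo" > "$demo/ldap.conf"
check_ldap_tls_conf "$demo/ldap.conf" && echo "ldap.conf TLS settings look good"
rm -rf "$demo"
```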
