ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Integrated Cyber Defense Exchange (ICDx) Splunk forwarder module fails due to problem loading certificate file


Article ID: 200323


Updated On:


Integrated Cyber Defense Exchange ICDx


When you try to start the ICDx Splunk forwarder, the forwarder does not start and errors are found in the forwarder logs.

The following error is listed in the forwarder logs:

2020-09-17 01:07:11,746 [main] ERROR lifecycle - Failed to load the service's modules: Unable to load configuration: Splunk Unable to load configuration: Splunk

Caused by: java.lang.reflect.InvocationTargetException: null

Caused by: java.lang.reflect.InvocationTargetException: null

Caused by: Problem loading certificate file: /path/to/splunk_cert.pem

Caused by: /path/to/splunk_cert.pem (No such file or directory)

The error has been edited for brevity. The "/path/to/splunk_cert.pem" is the value in the "SSL Certificate Path" configuration.


The issue occurrs when the ICDx forwarder is configured to use and verify SSL(TLS) but the ICDx software is not able to read the Splunk certificate that has been stored in the local filesystem.



Release : 1.4.1

Component : Splunk Forwarder


To resolve this issue, verify that the certificate path and filename are correct, and that the permissions and ownership for the full path and file allow the ICDx user account (icdx by default) to read the file.