Skip to main content
Want the ultimate Splunk learning experience? Head to Boston a few days before .Conf25 to attend Splunk University!

Click for registration options.
Lantern Home

 

Splunk Lantern

Certificates data

  1. Last updated
  2. Save as PDF

 

Certificates data refers to digital certificates and the associated metadata that are used to establish trust, secure communications, and verify identities in a digital environment. Certificates are issued by a trusted entity called a Certificate Authority (CA) and are commonly used in encryption protocols (for example, SSL/TLS) to ensure the confidentiality, integrity, and authenticity of data transmitted between systems.

Certificates data typically includes the certificate itself, cryptographic keys, expiration dates, issuer information, and other details required for secure communication and authentication. Common standardized certificate formats include:

  •    PEM: A Base64 encoded certificate (commonly used in web servers and email systems)
  •    DER: A binary format for certificates
  •    PFX/P12: A container format that includes both the certificate and the private key

Certificates data typically includes:

  • SSL/TLS certificates: Certificate owner, issuer, validity period, public key, and certificate chain 
  • Code-signing certificates: Developer or organization, signing algorithm, timestamp, and public key
  • Client authentication certificates: User or device name, issuers, validity period and revocation status, and private key
  • Root certificates: Name of the root CA, self-signed, and validity period
  • Email certificates (S/MIME): Email address associated with the certificate, issuer, expiration data, public key, and private key
  • API certificates: Associated API endpoint or service name, validity period, issuer, and private/public key pair
  • Database certificates: Database server name and IP address, issuer, expiration date, public key, and private key
  • IoT device certificates: Device identifier (serial number of MAC address), issuer, expiration data, and public/private key pair
  • Personal identity certificates: Name of individual and their associated organization, issuer, expiration date, and private key
  • Blockchain certificates: Public key, blockchain address, and smart contract or transaction metadata

Certificates should be stored securely, and private keys should never be exposed. Expired certificates can disrupt services, so timely renewal is critical. Tools like Let's Encrypt and Certbot automate certificate issuance and renewal for web applications. However, certificates can be revoked if compromised, ensuring they are no longer trusted.

The Splunk Common Information Model (CIM) add-on contains a Certificates data model with fields and tags that describe key and certificate management events from a variety of secure servers and IAM systems.

Before looking at documentation for specific data sources, review the Splunk Docs information on general data ingestion: