topic Mongodb SSL errors using self-signed certs in Knowledge Management https://community.splunk.com/t5/Knowledge-Management/Mongodb-SSL-errors-using-self-signed-certs/m-p/304936#M2660 <P>I have a customer that is evaluating Splunk in a cloud provider. They are trying to evaluate the performance of bare metal vs VM instances.</P> <P>There are four hosts</P> <P>1 bare metal Enterprise indexer<BR /> 1 VM Enterprise indexer<BR /> 2 VM forwarders configured to send one copy</P> <P>I have created self-signed certs for all of the hosts --- web, forwarding, etc. The SSL config in server.conf is identical for both of them except for the name of the server certificate.</P> <P>Today on the bare metal instance, the kvstore started crashing. I see the following in mongod.log:</P> <P>2018-01-12T19:02:34.677Z W CONTROL No SSL certificate validation can be performed since no CA file has been provided; please<BR /> specify an sslCAFile parameter</P> <P>The server.conf on both machines points to the same CA cert. I've confirmed the CA certs on both machines have the same md5 hash and permissions.</P> <P>I also see this in the mongod.log on the problem indexer:</P> <P>2018-01-12T19:02:34.694Z I CONTROL [initandlisten] options: { net: { port: 8191, ssl: { PEMKeyFile: "/opt/splunk/etc/auth/mycerts/index01_cert.pem", PEMKeyPassword: "", allowInvalidHostnames: true, disabledProtocols: "noTLS1_0,noTLS1_1", mode: "requireSSL", sslCipherConfig: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RS..." }, unixDomainSocket: { enabled: false } }, replication: { oplogSizeMB: 200, replSet: "DE599A03-4B9A-426B-BDE9-882044E6E8C3" }, security: { javascriptEnabled: false, keyFile: "/opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key" }, setParameter: { enableLocalhostAuthBypass: "0" }, storage: { dbPath: "/opt/splunk/var/lib/splunk/kvstore/mongo", mmapv1: { smallFiles: true } }, systemLog: { timeStampFormat: "iso8601-utc" } }</P> <P>From what I see in the server.conf.spec, all of the [kvstore] SSL options, like caCertFile and caCertPath, are deprecated.</P> <P>Identical configs, identical certs... Why is mongodb having issues on only one machine?</P> Tue, 29 Sep 2020 17:38:39 GMT responsys_cm 2020-09-29T17:38:39Z Mongodb SSL errors using self-signed certs https://community.splunk.com/t5/Knowledge-Management/Mongodb-SSL-errors-using-self-signed-certs/m-p/304936#M2660 <P>I have a customer that is evaluating Splunk in a cloud provider. They are trying to evaluate the performance of bare metal vs VM instances.</P> <P>There are four hosts</P> <P>1 bare metal Enterprise indexer<BR /> 1 VM Enterprise indexer<BR /> 2 VM forwarders configured to send one copy</P> <P>I have created self-signed certs for all of the hosts --- web, forwarding, etc. The SSL config in server.conf is identical for both of them except for the name of the server certificate.</P> <P>Today on the bare metal instance, the kvstore started crashing. I see the following in mongod.log:</P> <P>2018-01-12T19:02:34.677Z W CONTROL No SSL certificate validation can be performed since no CA file has been provided; please<BR /> specify an sslCAFile parameter</P> <P>The server.conf on both machines points to the same CA cert. I've confirmed the CA certs on both machines have the same md5 hash and permissions.</P> <P>I also see this in the mongod.log on the problem indexer:</P> <P>2018-01-12T19:02:34.694Z I CONTROL [initandlisten] options: { net: { port: 8191, ssl: { PEMKeyFile: "/opt/splunk/etc/auth/mycerts/index01_cert.pem", PEMKeyPassword: "", allowInvalidHostnames: true, disabledProtocols: "noTLS1_0,noTLS1_1", mode: "requireSSL", sslCipherConfig: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RS..." }, unixDomainSocket: { enabled: false } }, replication: { oplogSizeMB: 200, replSet: "DE599A03-4B9A-426B-BDE9-882044E6E8C3" }, security: { javascriptEnabled: false, keyFile: "/opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key" }, setParameter: { enableLocalhostAuthBypass: "0" }, storage: { dbPath: "/opt/splunk/var/lib/splunk/kvstore/mongo", mmapv1: { smallFiles: true } }, systemLog: { timeStampFormat: "iso8601-utc" } }</P> <P>From what I see in the server.conf.spec, all of the [kvstore] SSL options, like caCertFile and caCertPath, are deprecated.</P> <P>Identical configs, identical certs... Why is mongodb having issues on only one machine?</P> Tue, 29 Sep 2020 17:38:39 GMT https://community.splunk.com/t5/Knowledge-Management/Mongodb-SSL-errors-using-self-signed-certs/m-p/304936#M2660 responsys_cm 2020-09-29T17:38:39Z