I am new to Splunk administration and am getting KV store errors. After checking mongod.log, I found that the SSL and server certificates are expired.
We have a clustered environment:
SHC - sh1 and sh2
IDXC - sh1 acting as idx1, idx2, idx3
Standalone acting as DS and LM
One Cluster Master and one HF.
We are using Splunk version 6.3 and I am not sure if SSL communication is enabled between Splunk servers or not.
Could you please help me with the below:
1) How to check if SSL communication is enabled between Splunk servers
2) How to check if the existing certificates are default, self-signed or third-party generated
3) How to renew server certificates on each Splunk instance, to fix the KV store errors
Hi @Ruchi, in the case of third-party certificates, it will be the same except for the renewal part. You need to renew the certificate with your employer or with the third party from which you got the certificate.
You can run the below command under the /etc/auth folder or where your certificate is placed.
openssl x509 -in server.pem -text -noout|grep -i CN
With this information, you can find out whether the certificate is the Splunk default certificate or a third-party certificate.
Splunk uses the Splunk self-signed certificate for SSL communication by default.
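
Building on the openssl check in the answer above, this added example (not part of the original thread) reports whether a certificate is Splunk's default, self-signed or CA-issued, and whether it has expired or is about to. The names `SplunkServerDefaultCert` and `SplunkCommonCA`, the function names and the 30-day warning window are assumptions of the example, not values taken from the thread.

```shell
#!/bin/sh
# Added example, not from the original thread: triage a Splunk server certificate.
# Assumption: these names appear in the subject/issuer of Splunk's shipped default certs.
DEFAULT_NAMES='SplunkServerDefaultCert|SplunkCommonCA'

# Echo "splunk-default", "self-signed" or "ca-issued" for the PEM file in $1.
cert_origin() {
    names=$(openssl x509 -in "$1" -noout -subject -issuer) || return 2
    if printf '%s\n' "$names" | grep -Eq "$DEFAULT_NAMES"; then
        echo "splunk-default"
    elif [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
           "$(openssl x509 -in "$1" -noout -issuer_hash)" ]; then
        echo "self-signed"      # subject and issuer are the same name
    else
        echo "ca-issued"        # internal or third-party CA: renew with that issuer
    fi
}

# Echo "expired", "expiring" (inside the warning window) or "valid".
# $1 = PEM file, $2 = warning window in days (default 30).
cert_expiry() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2   # not a readable cert
    window=$(( ${2:-30} * 86400 ))
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
        echo "expired"
    elif ! openssl x509 -in "$1" -noout -checkend "$window" >/dev/null; then
        echo "expiring"
    else
        echo "valid"
    fi
}

# One-line summary per certificate: origin, expiry state and the notAfter date.
triage_cert() {
    end=$(openssl x509 -in "$1" -noout -enddate) || return 2
    echo "$1: $(cert_origin "$1"), $(cert_expiry "$1" "${2:-30}"), $end"
}

# Constructed sample input: throwaway self-signed cert with CN=$1, written to $2, valid 1 day.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2.key" -out "$2" 2>/dev/null
}

# Usage: sh cert_triage.sh server.pem [more.pem ...]
for pem in "$@"; do
    if [ -r "$pem" ]; then triage_cert "$pem"; fi
done
```

Run it against each certificate file on every instance; a `splunk-default` or `self-signed` result means the certificate is regenerated locally, while `ca-issued` means renewal goes through the issuing party.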