Knowledge Management

KV Store certificate renewal is not working.

New Member

Hi,

alt text

Does anyone know where may I find official documentation which will help me to resolve this problem?

I have renewed a certificate using this tutorial, but for some reason, MongoDB is still not starting.

https://splunkonbigdata.com/2019/07/03/failed-to-start-kv-store-process-see-mongod-log-and-splunkd-l...

mongodb.log is showing this error...

2020-04-11T10:27:08.899Z W CONTROL [main] net.ssl.sslCipherConfig is deprecated. It will be removed in a future release.
2020-04-11T10:27:08.902Z F NETWORK [main] The provided SSL certificate is expired or not yet valid.
2020-04-11T10:27:08.902Z F - [main] Fatal Assertion 28652 at src/mongo/util/net/ssl_manager.cpp 1145
2020-04-11T10:27:08.902Z F - [main] 
***aborting after fassert() failure

Can anyone here help?

Cheers
Konrad

Labels (1)
0 Karma
1 Solution

Contributor

Hi dyude @conwaw ,

Try this,

  1. Stop the Splunk service.

  2. Rename the server.pem($SPLUNK_HOME/etc/auth) to server.pemck or move the pem file.

  3. Start the Splunk service.

It will generate a new server.pem

Let me know if this helps. 🙂

View solution in original post

Contributor

Hi dyude @conwaw ,

Try this,

  1. Stop the Splunk service.

  2. Rename the server.pem($SPLUNK_HOME/etc/auth) to server.pemck or move the pem file.

  3. Start the Splunk service.

It will generate a new server.pem

Let me know if this helps. 🙂

View solution in original post

Thanks, it worked for me.

 

0 Karma

Motivator

Hello @conwaw ,

did you find a solution for your problem?

If still not, try this command on the same host and post here a (redacted) output:

openssl s_client -connect localhost:8191
0 Karma

New Member

I cannot use Your command because nothing listen on port 8191. This is my problem, its not starting.

0 Karma

Motivator

Hello Konrad,

ah, I see " The provided SSL certificate is expired or not yet valid." message. Lets check the start and end validity of the certificate.

I assume you used a createssl command with the same parameters as mentioned in the blog post and a new certificate named "server.pem" was (re)created.

can you provide output of following commands:

ls -ltr /opt/splunk/etc/auth

openssl x509 -in /opt/splunk/etc/auth/server.pem -noout -text

and other question: you have a stand alone splunk and not a (SH) cluster, right?

0 Karma