KV Store certificate renewal is not working.

conwaw
Explorer

Hi,

Does anyone know where I may find official documentation which will help me to resolve this problem?

I have renewed a certificate using this tutorial, but for some reason, MongoDB is still not starting.

https://splunkonbigdata.com/2019/07/03/failed-to-start-kv-store-process-see-mongod-log-and-splunkd-l...

mongodb.log is showing this error...

2020-04-11T10:27:08.899Z W CONTROL [main] net.ssl.sslCipherConfig is deprecated. It will be removed in a future release.
2020-04-11T10:27:08.902Z F NETWORK [main] The provided SSL certificate is expired or not yet valid.
2020-04-11T10:27:08.902Z F - [main] Fatal Assertion 28652 at src/mongo/util/net/ssl_manager.cpp 1145
2020-04-11T10:27:08.902Z F - [main] 
***aborting after fassert() failure

Can anyone here help?

Cheers
Konrad

1 Solution

vinod94
Contributor

Hi dude @conwaw,

Try this,

  1. Stop the Splunk service.

  2. Rename the server.pem ($SPLUNK_HOME/etc/auth) to server.pemck or move the pem file.

  3. Start the Splunk service.

It will generate a new server.pem.

Let me know if this helps. 🙂

SirDrake7
Explorer

Thank you for this fix big time.

Eduardo_Perez
Engager

Thanks, it worked for me.

PavelP
Motivator

Hello @conwaw,

Did you find a solution for your problem?

If not, try this command on the same host and post the (redacted) output here:

openssl s_client -connect localhost:8191

conwaw
Explorer

I cannot use your command because nothing is listening on port 8191. This is my problem: it's not starting.

PavelP
Motivator

Hello Konrad,

Ah, I see the "The provided SSL certificate is expired or not yet valid." message. Let's check the start and end validity of the certificate.

I assume you used a createssl command with the same parameters as mentioned in the blog post and a new certificate named "server.pem" was (re)created.

Can you provide the output of the following commands:

ls -ltr /opt/splunk/etc/auth

openssl x509 -in /opt/splunk/etc/auth/server.pem -noout -text

And another question: you have a standalone Splunk and not a (SH) cluster, right?

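Added example, not part of the thread and not Splunk's own tooling: a shell check that reads the validity window of a PEM file such as /opt/splunk/etc/auth/server.pem and reports which side of mongod's "expired or not yet valid" condition applies. It assumes OpenSSL and GNU date are installed; the function names cert_status and make_demo_cert are hypothetical.

```shell
#!/bin/sh
# Added example: classify a certificate against its notBefore/notAfter window.
# Assumptions: openssl and GNU date (date -d) are available on the host.

# cert_status PEM [EPOCH]
# Prints: valid | expired | not-yet-valid | unreadable
# Returns 0 for valid, 1 for expired/not-yet-valid, 2 if the file cannot be parsed.
# EPOCH defaults to now; another value shows how the certificate would be
# judged at that moment (useful when the host clock is suspected to be wrong).
cert_status() {
    pem=$1
    at=${2:-$(date +%s)}
    # openssl x509 reads the first certificate in the file, so a combined
    # certificate+key PEM can be passed without splitting it.
    dates=$(openssl x509 -in "$pem" -noout -startdate -enddate 2>/dev/null) || {
        echo unreadable; return 2; }
    nb=$(printf '%s\n' "$dates" | sed -n 's/^notBefore=//p')
    na=$(printf '%s\n' "$dates" | sed -n 's/^notAfter=//p')
    nb_s=$(date -u -d "$nb" +%s 2>/dev/null) || { echo unreadable; return 2; }
    na_s=$(date -u -d "$na" +%s 2>/dev/null) || { echo unreadable; return 2; }
    if [ "$at" -lt "$nb_s" ]; then echo not-yet-valid; return 1; fi
    if [ "$at" -gt "$na_s" ]; then echo expired; return 1; fi
    echo valid
}

# make_demo_cert DIR
# Writes a constructed, throwaway self-signed certificate (valid for 1 day
# from now) to DIR/demo.pem and prints its path. Sample input only.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-demo" \
        -keyout "$1/demo.key" -out "$1/demo.pem" >/dev/null 2>&1 || return 1
    echo "$1/demo.pem"
}

# Usage: sh check_cert.sh /opt/splunk/etc/auth/server.pem
[ "$#" -eq 0 ] || cert_status "$@"
```

If a freshly generated server.pem still reports not-yet-valid, compare the host clock with the notBefore date before regenerating the certificate again.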