Knowledge Management

Mongodb SSL errors using self-signed certs

responsys_cm
Builder

I have a customer that is evaluating Splunk in a cloud provider. They are trying to evaluate the performance of bare metal vs VM instances.

There are four hosts

1 bare metal Enterprise indexer
1 VM Enterprise indexer
2 VM forwarders configured to send one copy

I have created self-signed certs for all of the hosts --- web, forwarding, etc. The SSL config in server.conf is identical for both of them except for the name of the server certificate.

Today on the bare metal instance, the kvstore started crashing. I see the following in mongod.log:

2018-01-12T19:02:34.677Z W CONTROL No SSL certificate validation can be performed since no CA file has been provided; please
specify an sslCAFile parameter

The server.conf on both machines points to the same CA cert. I've confirmed the CA certs on both machines have the same md5 hash and permissions.

I also see this in the mongod.log on the problem indexer:

2018-01-12T19:02:34.694Z I CONTROL [initandlisten] options: { net: { port: 8191, ssl: { PEMKeyFile: "/opt/splunk/etc/auth/mycerts/index01_cert.pem", PEMKeyPassword: "", allowInvalidHostnames: true, disabledProtocols: "noTLS1_0,noTLS1_1", mode: "requireSSL", sslCipherConfig: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RS..." }, unixDomainSocket: { enabled: false } }, replication: { oplogSizeMB: 200, replSet: "DE599A03-4B9A-426B-BDE9-882044E6E8C3" }, security: { javascriptEnabled: false, keyFile: "/opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key" }, setParameter: { enableLocalhostAuthBypass: "0" }, storage: { dbPath: "/opt/splunk/var/lib/splunk/kvstore/mongo", mmapv1: { smallFiles: true } }, systemLog: { timeStampFormat: "iso8601-utc" } }

From what I see in the server.conf.spec, all of the [kvstore] SSL options, like caCertFile and caCertPath, are deprecated.

Identical configs, identical certs... Why is mongodb having issues on only one machine?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...