Solved: Why is KV Store certificate renewal not working?

conwaw · ‎04-11-2020

Hi,

Does anyone know where may I find official documentation which will help me to resolve this problem?

I have renewed a certificate using this tutorial, but for some reason, MongoDB is still not starting.

https://splunkonbigdata.com/2019/07/03/failed-to-start-kv-store-process-see-mongod-log-and-splunkd-l...

mongodb.log is showing this error...

2020-04-11T10:27:08.899Z W CONTROL [main] net.ssl.sslCipherConfig is deprecated. It will be removed in a future release.
2020-04-11T10:27:08.902Z F NETWORK [main] The provided SSL certificate is expired or not yet valid.
2020-04-11T10:27:08.902Z F - [main] Fatal Assertion 28652 at src/mongo/util/net/ssl_manager.cpp 1145
2020-04-11T10:27:08.902Z F - [main] 
***aborting after fassert() failure

Can anyone here help?

Cheers
Konrad

vinod94 · ‎04-14-2020

Hi dyude @conwaw ,

Try this,

Stop the Splunk service.
Rename the server.pem($SPLUNK_HOME/etc/auth) to server.pemck or move the pem file.
Start the Splunk service.

It will generate a new server.pem

Let me know if this helps. 🙂

View solution in original post

helge · ‎11-01-2022

On Windows, you may get the following error message in mongod.log:

Fatal Assertion 50755 at src\mongo\util\net\ssl_manager_windows.cpp 1609

To fix the error that causes mongod to terminate, you need the following in addition to deleting server.pem:

Open Windows certificate management MMC for the local computer
Navigate to Personal > Certificates
Delete any entries named SplunkServerDefaultCert

pavankumarh · ‎07-07-2023

This worked after lot of research. Thank You..

Just for others.. Dont run certmgr.msc on server. Instead run certlm.msc to see the "SplunkServerDefaultCert" entries.

I was doing this wrong.

Gregski11 · ‎01-06-2023

appreciate you, thank you so much

vinod94 · ‎04-14-2020

Hi dyude @conwaw ,

Try this,

Stop the Splunk service.
Rename the server.pem($SPLUNK_HOME/etc/auth) to server.pemck or move the pem file.
Start the Splunk service.

It will generate a new server.pem

Let me know if this helps. 🙂

linhmai_bne

This solution is the one I have been looking for. Thank you.

juhatamminen · ‎01-23-2023

Hi,

I also have to do the same for server_pkcs1.pem file.

fabiofox · ‎01-14-2023

it's working! thank you for this 🙏

Gregski11 · ‎01-06-2023

awesome, thank you, that did it

freddy_Guo · ‎11-09-2022

That worked beautifully for us. Thank you.

rmendoza · ‎08-18-2022

This did the trick, thank you!

SirDrake7 · ‎12-16-2020

Thank you for this fix big time.

Eduardo_Perez · ‎07-03-2020

Thanks, it worked for me.

PavelP · ‎04-13-2020

Hello @conwaw ,

did you find a solution for your problem?

If still not, try this command on the same host and post here a (redacted) output:

openssl s_client -connect localhost:8191

conwaw · ‎04-14-2020

I cannot use Your command because nothing listen on port 8191. This is my problem, its not starting.

PavelP · ‎04-14-2020

Hello Konrad,

ah, I see " The provided SSL certificate is expired or not yet valid." message. Lets check the start and end validity of the certificate.

I assume you used a createssl command with the same parameters as mentioned in the blog post and a new certificate named "server.pem" was (re)created.

can you provide output of following commands:

ls -ltr /opt/splunk/etc/auth

openssl x509 -in /opt/splunk/etc/auth/server.pem -noout -text

and other question: you have a stand alone splunk and not a (SH) cluster, right?

Why is KV Store certificate renewal not working?

kvstore

There's No Place Like Chrome and the Splunk Platform

The Great Resilience Quest: 5th Leaderboard Update

Devesh Logendran, Splunk, and the Singapore Cyber Conquest