Knowledge Management

Why is KV Store certificate renewal not working?

conwaw
Explorer

Hi,

alt text

Does anyone know where may I find official documentation which will help me to resolve this problem?

I have renewed a certificate using this tutorial, but for some reason, MongoDB is still not starting.

https://splunkonbigdata.com/2019/07/03/failed-to-start-kv-store-process-see-mongod-log-and-splunkd-l...

mongodb.log is showing this error...

 

2020-04-11T10:27:08.899Z W CONTROL [main] net.ssl.sslCipherConfig is deprecated. It will be removed in a future release.
2020-04-11T10:27:08.902Z F NETWORK [main] The provided SSL certificate is expired or not yet valid.
2020-04-11T10:27:08.902Z F - [main] Fatal Assertion 28652 at src/mongo/util/net/ssl_manager.cpp 1145
2020-04-11T10:27:08.902Z F - [main] 
***aborting after fassert() failure

 

Can anyone here help?

Cheers
Konrad

Labels (1)
1 Solution

vinod94
Contributor

Hi dyude @conwaw ,

Try this,

  1. Stop the Splunk service.

  2. Rename the server.pem($SPLUNK_HOME/etc/auth) to server.pemck or move the pem file.

  3. Start the Splunk service.

It will generate a new server.pem

Let me know if this helps. 🙂

View solution in original post

Seawheels51
Path Finder

Thank you, it worked for me

0 Karma

kell_cena
Explorer

Worked on 9.2.1 , the add-on was not running.

0 Karma

robertlynch2020
Influencer

worked for me - but - surely this is something that should not happen- there are no warnings in Splunk it just bang - Splunk is down in production

 

0 Karma

helge
Builder

On Windows, you may get the following error message in mongod.log:

Fatal Assertion 50755 at src\mongo\util\net\ssl_manager_windows.cpp 1609

To fix the error that causes mongod to terminate, you need the following in addition to deleting server.pem:

  1. Open Windows certificate management MMC for the local computer
  2. Navigate to Personal > Certificates
  3. Delete any entries named SplunkServerDefaultCert
Tags (1)

pavankumarh
Path Finder

This worked after lot of research. Thank You.. 

Just for others.. Dont run certmgr.msc on server. Instead run certlm.msc to see the "SplunkServerDefaultCert" entries. 

I was doing this wrong. 

0 Karma

Gregski11
Contributor

appreciate you, thank you so much 

0 Karma

vinod94
Contributor

Hi dyude @conwaw ,

Try this,

  1. Stop the Splunk service.

  2. Rename the server.pem($SPLUNK_HOME/etc/auth) to server.pemck or move the pem file.

  3. Start the Splunk service.

It will generate a new server.pem

Let me know if this helps. 🙂

mahegstrom
Explorer

Just upgraded to 9.2.2 on our heavy forwarder and had the same KV store errors. Our mongod.log displayed the same ssl errors. These steps worked perfectly! 

0 Karma

eholz1
Contributor

This has not worked for me, any ideas? here is my SSLconfig line in server.conf

[sslConfig]

sslPassword = $7$IVRDJa9zz5Rmt3ZehltRkIK2vnYpOPiMSSAZMNAUqdQ7hQAGf2GNXg

 

No other lines in the file. I am open to suggestions, and get this as well:

WARNING: Server Certificate Hostname Validation is disabled., see server.conf, etc

Thanks,

EWHolzx

0 Karma

tfrederick74656
Explorer

Still working in 2024, thanks so much!!

0 Karma

jmrubio
Path Finder

Three years later and this worked! Thanks!!

0 Karma

Ola
New Member

Thank you so much . It works for me!!!

0 Karma

linhmai_bne
Path Finder

This solution is the one I have been looking for. Thank you.

0 Karma

juhatamminen
Engager

Hi,

I also have to do the same for server_pkcs1.pem file.

0 Karma

fabiofox
Explorer

it's working! thank you for this 🙏

 

0 Karma

Gregski11
Contributor

awesome, thank you, that did it

0 Karma

freddy_Guo
Path Finder

That worked beautifully for us. Thank you.

0 Karma

rmendoza
Engager

This did the trick, thank you!

0 Karma

SirDrake7
Explorer

Thank you for this fix big time.

0 Karma

Eduardo_Perez
Engager

Thanks, it worked for me.

 

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...