Why am I receiving this error "No SSL Cert Validation can be performed since no CA File has been provided" in KV Store?

Jarohnimo
Builder

Hello All,

I'm working within the Windows environment. I'm getting 3 error messages in my Splunk Web Browser that are probably related to an expired cert on our indexer (only on our Splunk indexer). I believe at one point the previous person in my position set up the Web Server to use SSL. However, that local Cert CA authority is no longer in existence within our subnet AND the Cert has expired. We'd simply like to return Splunk back to its out-of-the-box settings (No SSL Cert used in the web browser).

What did I do so far?
From the browser I switched it from SSL Enabled to non SSL. I believe I need to make some more changes within the configurations though. I believe somewhere it's still referencing the Local SSL Cert Auth instead of the previous Original SSL/self-signed CA Root cert. How do I get things back to square one/OOTB?

The Bad:
1) From the Web Browser I keep getting this message pop up: "Search peer "Server A" has the following message: KV Store changed status to failed. KV Store process terminated".

2) Search peer "Server A" has the following message: Failed to start KV Store Process. See mongod.log and splunkd.log

When I navigate to mongo DB I see since the 19th of March I've been getting this message:

CONTROL: "No SSL Certificate validation can be performed since no CA File has been provided; please specify an sslCAFile parameter"
NETWORK: "The provided SSL Certificate is expired or not yet valid"
I: Fatal Assertion 28652

I'm on a Windows box and I would like to know the steps required to correctly point my SSL/sslCAFile. Once again, we do not use SSL from the web browser, so the out-of-the-box self-signed certs would work fine for me. Thanks for your assistance.

0 Karma
1 Solution

Jarohnimo
Builder

I believe I just referenced the SSL conf files and directory from a working server and copied them over. Since Splunk/Linux are flat-file-based systems, Splunk didn't seem to have an issue.

varunCarbyne
Explorer

Hi Jarohnimo,

Please let us know if this got resolved for you and how you did that.

Getting same issue
