No SSL certificate validation can be performed sin...

damode · ‎10-24-2019

Splunk version 6.5.2

Getting the below error on Splunk SH with ES,

 2019-10-25T00:45:02.649Z W CONTROL  No SSL certificate validation can be performed since no CA file has been provided; please specify an sslCAFile parameter
 2019-10-25T00:45:02.677Z F NETWORK  The provided SSL certificate is expired or not yet valid.
 2019-10-25T00:45:02.677Z I -        Fatal Assertion 28652
 2019-10-25T00:45:02.677Z I -
 ***aborting after fassert() failure

Troubleshooting - The cert installed is client's own cert and is still valid till dec 2020.
Another thing I already checked was the permission on /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key and verified is as per below,

ls -l /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key
-r--------. 1 splunk splunk 88 May 25  2017 /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key

Please advise how I can fix this issue. Thanks

empollard · ‎10-25-2019

Based on the error, it looks like the CA cert wasn't included with the SSL cert pem. Can you verify that the client's CA certificate and SSL cert were combined into one file before utilizing them for Splunk? You can find instructions here on preparing the combined pem file:

https://docs.splunk.com/Documentation/Splunk/7.3.2/Security/HowtoprepareyoursignedcertificatesforSpl...

No SSL certificate validation can be performed since no CA file has been provided

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms