Splunk Enterprise

Why is KV store failing in Search Head Cluster evironment while enable SSL certificate in Splunk version 9.0.2?

restinlinux
Explorer

For KVstore, $Splunk_HOME/etc/system/local/sever.conf was configured to use SSL.
However, the following error is occurring and the kvstore process is not starting properly.
Regarding the Web UI, we recognise that there is no problem with the certificate itself, as TLS communication is possible using the same server signature.

Splunkd.log

ERROR MongodRunner [5072 MongodLogThread] - mongod exited abnormally (exit code 1, status: exited with code 1) - look at mongod.log to investigate.

Mongod.log

 CONTROL [main] Failed global initialisation: InvalidSSLConfiguration: Could not find private key attached to the Failed global initialisation: InvalidSSLConfiguration: Could not find private key attached to the selected certificate.

Please provide information on how to resolve the above issue.

Labels (1)
Tags (3)
0 Karma
1 Solution

Yogeshredhat14
Explorer

Hi @restinlinux ,

This is the product bug in 9.0.0, 9.0.1, 9.0.2, and 9.0.3 Splunk versions Specifically for the Windows-based operating systems.
 
Issue Number: SPL-233007, SPL234066
 
Issue Description: KV Store (mongod) fails to find the private key for a given certificate on Windows. It searches for -sslCertificateSelector subject=US
 
[Workaround]
 
In order to solve the issue, Splunk has given a workaround to use Splunkd’s default generated certificate in the following directory, $SPLUNK_HOME/etc/auth/server.pem

View solution in original post

Yogeshredhat14
Explorer

Hi @restinlinux ,

This is the product bug in 9.0.0, 9.0.1, 9.0.2, and 9.0.3 Splunk versions Specifically for the Windows-based operating systems.
 
Issue Number: SPL-233007, SPL234066
 
Issue Description: KV Store (mongod) fails to find the private key for a given certificate on Windows. It searches for -sslCertificateSelector subject=US
 
[Workaround]
 
In order to solve the issue, Splunk has given a workaround to use Splunkd’s default generated certificate in the following directory, $SPLUNK_HOME/etc/auth/server.pem
Get Updates on the Splunk Community!

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...

AppDynamics is now part of Splunk Ideas

Hello Splunkers, We have exciting news for you! AppDynamics has been added to the Splunk Ideas Portal. Which ...

Advanced Splunk Data Management Strategies

Join us on Wednesday, May 14, 2025, at 11 AM PDT / 2 PM EDT for an exclusive Tech Talk that delves into ...