Environment- Single Splunk 7.3.9 search head / indexer with FIPS_MODE=1 etc/system/local/server.conf       [sslConfig] sslRootCAPath = $SPLUNK_HOME\etc\auth\mycerts\consolidatedCA.pem [kvstore] serverCert = mycerts\kvstore_consolidated.pem sslPassword = <password_for_private_key>       the "kvstore_consolidated.pem" contains my private key, and the server cert. Issue: kvstore fails to start. (log below from splunkd.log)     07-19-2021 11:06:35.763 -0400 ERROR KVStoreConfigurationProvider - Could not get ping from mongod. 07-19-2021 11:06:35.763 -0400 ERROR KVStoreConfigurationProvider - Could not start mongo instance. Initialization failed. 07-19-2021 11:06:35.763 -0400 ERROR KVStoreBulletinBoardManager - KV Store changed status to failed. Failed to start KV Store process. See mongod.log and splunkd.log for details.. 07-19-2021 11:06:35.763 -0400 ERROR KVStoreBulletinBoardManager - Failed to start KV Store process. See mongod.log and splunkd.log for details.     mongod.log      2021-07-15T14:36:03.080Z E NETWORK [conn941] SSL peer certificate validation failed: unsupported certificate purpose 2021-07-15T14:36:03.080Z I NETWORK [conn941] Error receiving request from client: SSLHandshakeFailed: SSL peer certificate validation failed: unsupported certificate purpose. Ending connection from 127.0.0.1:52128 (connection id: 941)     so it seems like the server is trying to make loopback requests and trying to act as both the server and the client in SSL comms. In reading this , (while its not the same issue), the suggestion is to have the CA sign the CSR so its both client and server.  Before I go down this road (the CA I am using does not seem to support this- it can only sign as  either "user" or "server"), just want to see if anyone else have ran into this?  I also tried the server.conf settings in this article, but with same results: https://splunkcommunity.com/wp-content/uploads/2019/11/FIPSConf_Final.pdf ... View more