Hi livehybrid, Thank you for pointing that out to me. Regarding your suggested solution. It was very helpful. I checked the mongod.log using the following command: tail -n 200 $SPLUNK_HOME/var/log/splunk/mongod.log The output clearly showed the issue: 2025-03-27T10:16:32.087Z W NETWORK [main] Server certificate has no compatible Subject Alternative Name. This may prevent TLS clients from connecting
2025-03-27T10:16:32.087Z F NETWORK [main] The provided SSL certificate is expired or not yet valid.
2025-03-27T10:16:32.087Z F - [main] Fatal Assertion 28652 at src/mongo/util/net/ssl_manager_openssl.cpp 1182
2025-03-27T10:16:32.087Z F - [main]
***aborting after fassert() failure It turned out that the server SSL certificate had expired. Here are the steps I took to resolve the issue: 1- Backed up the existing certificate: cp $SPLUNK_HOME/etc/auth/server.pem $SPLUNK_HOME/etc/auth/server.pem.bak 2- Generated a new self-signed certificate: splunk createssl server-cert -d $SPLUNK_HOME/etc/auth -n server (This creates a new server.pem valid for 2 years.) 3- restart splunk ./splunk restart 4- Verified KV Store status: splunk show kvstore-status #####Note for Search Head Cluster#### Since we’re running a SH cluster, I made sure to: Copy the new server.pem to all search head members. Restart Splunk on each node. These steps fully resolved the issue, and the KV Store is now functioning as expected.
... View more
