Knowledge Management

Why is KV Store certificate renewal not working?

conwaw
Explorer

Hi,

alt text

Does anyone know where may I find official documentation which will help me to resolve this problem?

I have renewed a certificate using this tutorial, but for some reason, MongoDB is still not starting.

https://splunkonbigdata.com/2019/07/03/failed-to-start-kv-store-process-see-mongod-log-and-splunkd-l...

mongodb.log is showing this error...

 

2020-04-11T10:27:08.899Z W CONTROL [main] net.ssl.sslCipherConfig is deprecated. It will be removed in a future release.
2020-04-11T10:27:08.902Z F NETWORK [main] The provided SSL certificate is expired or not yet valid.
2020-04-11T10:27:08.902Z F - [main] Fatal Assertion 28652 at src/mongo/util/net/ssl_manager.cpp 1145
2020-04-11T10:27:08.902Z F - [main] 
***aborting after fassert() failure

 

Can anyone here help?

Cheers
Konrad

Labels (1)
1 Solution

vinod94
Contributor

Hi dyude @conwaw ,

Try this,

  1. Stop the Splunk service.

  2. Rename the server.pem($SPLUNK_HOME/etc/auth) to server.pemck or move the pem file.

  3. Start the Splunk service.

It will generate a new server.pem

Let me know if this helps. 🙂

View solution in original post

vinod94
Contributor

Hi dyude @conwaw ,

Try this,

  1. Stop the Splunk service.

  2. Rename the server.pem($SPLUNK_HOME/etc/auth) to server.pemck or move the pem file.

  3. Start the Splunk service.

It will generate a new server.pem

Let me know if this helps. 🙂

rmendoza
Engager

This did the trick, thank you!

0 Karma

SirDrake7
Explorer

Thank you for this fix big time.

0 Karma

Eduardo_Perez
Engager

Thanks, it worked for me.

 

0 Karma

PavelP
Motivator

Hello @conwaw ,

did you find a solution for your problem?

If still not, try this command on the same host and post here a (redacted) output:

openssl s_client -connect localhost:8191
0 Karma

conwaw
Explorer

I cannot use Your command because nothing listen on port 8191. This is my problem, its not starting.

0 Karma

PavelP
Motivator

Hello Konrad,

ah, I see " The provided SSL certificate is expired or not yet valid." message. Lets check the start and end validity of the certificate.

I assume you used a createssl command with the same parameters as mentioned in the blog post and a new certificate named "server.pem" was (re)created.

can you provide output of following commands:

ls -ltr /opt/splunk/etc/auth

openssl x509 -in /opt/splunk/etc/auth/server.pem -noout -text

and other question: you have a stand alone splunk and not a (SH) cluster, right?

0 Karma
Get Updates on the Splunk Community!

This Week's Community Digest - Splunk Community Happenings [9.26.22]

Get the latest news and updates from the Splunk Community here! Upcoming User Group Events! 👏 Check ...

BSides Splunk 2022 - The Call for Papers is now Open!

TLDR; Main Site: https://bsidessplunk.com CFP Site: https://bsidessplunk.com/cfp CFP Opens: December 15th, ...

Sending Metrics to Splunk Enterprise With the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...