Knowledge Management

Why is KV Store certificate renewal not working?

conwaw
Explorer

Hi,

alt text

Does anyone know where may I find official documentation which will help me to resolve this problem?

I have renewed a certificate using this tutorial, but for some reason, MongoDB is still not starting.

https://splunkonbigdata.com/2019/07/03/failed-to-start-kv-store-process-see-mongod-log-and-splunkd-l...

mongodb.log is showing this error...

 

2020-04-11T10:27:08.899Z W CONTROL [main] net.ssl.sslCipherConfig is deprecated. It will be removed in a future release.
2020-04-11T10:27:08.902Z F NETWORK [main] The provided SSL certificate is expired or not yet valid.
2020-04-11T10:27:08.902Z F - [main] Fatal Assertion 28652 at src/mongo/util/net/ssl_manager.cpp 1145
2020-04-11T10:27:08.902Z F - [main] 
***aborting after fassert() failure

 

Can anyone here help?

Cheers
Konrad

Labels (1)
1 Solution

vinod94
Contributor

Hi dyude @conwaw ,

Try this,

  1. Stop the Splunk service.

  2. Rename the server.pem($SPLUNK_HOME/etc/auth) to server.pemck or move the pem file.

  3. Start the Splunk service.

It will generate a new server.pem

Let me know if this helps. 🙂

View solution in original post

robertlynch2020
Motivator

worked for me - but - surely this is something that should not happen- there are no warnings in Splunk it just bang - Splunk is down in production

 

0 Karma

helge
Builder

On Windows, you may get the following error message in mongod.log:

Fatal Assertion 50755 at src\mongo\util\net\ssl_manager_windows.cpp 1609

To fix the error that causes mongod to terminate, you need the following in addition to deleting server.pem:

  1. Open Windows certificate management MMC for the local computer
  2. Navigate to Personal > Certificates
  3. Delete any entries named SplunkServerDefaultCert
Tags (1)

pavankumarh
Path Finder

This worked after lot of research. Thank You.. 

Just for others.. Dont run certmgr.msc on server. Instead run certlm.msc to see the "SplunkServerDefaultCert" entries. 

I was doing this wrong. 

0 Karma

Gregski11
Contributor

appreciate you, thank you so much 

0 Karma

vinod94
Contributor

Hi dyude @conwaw ,

Try this,

  1. Stop the Splunk service.

  2. Rename the server.pem($SPLUNK_HOME/etc/auth) to server.pemck or move the pem file.

  3. Start the Splunk service.

It will generate a new server.pem

Let me know if this helps. 🙂

tfrederick74656
Explorer

Still working in 2024, thanks so much!!

0 Karma

jmrubio
Explorer

Three years later and this worked! Thanks!!

0 Karma

Ola
New Member

Thank you so much . It works for me!!!

0 Karma

linhmai_bne
Path Finder

This solution is the one I have been looking for. Thank you.

0 Karma

juhatamminen
Engager

Hi,

I also have to do the same for server_pkcs1.pem file.

0 Karma

fabiofox
Explorer

it's working! thank you for this 🙏

 

0 Karma

Gregski11
Contributor

awesome, thank you, that did it

0 Karma

freddy_Guo
Path Finder

That worked beautifully for us. Thank you.

0 Karma

rmendoza
Engager

This did the trick, thank you!

0 Karma

SirDrake7
Explorer

Thank you for this fix big time.

0 Karma

Eduardo_Perez
Engager

Thanks, it worked for me.

 

0 Karma

PavelP
Motivator

Hello @conwaw ,

did you find a solution for your problem?

If still not, try this command on the same host and post here a (redacted) output:

openssl s_client -connect localhost:8191
0 Karma

conwaw
Explorer

I cannot use Your command because nothing listen on port 8191. This is my problem, its not starting.

0 Karma

PavelP
Motivator

Hello Konrad,

ah, I see " The provided SSL certificate is expired or not yet valid." message. Lets check the start and end validity of the certificate.

I assume you used a createssl command with the same parameters as mentioned in the blog post and a new certificate named "server.pem" was (re)created.

can you provide output of following commands:

ls -ltr /opt/splunk/etc/auth

openssl x509 -in /opt/splunk/etc/auth/server.pem -noout -text

and other question: you have a stand alone splunk and not a (SH) cluster, right?

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...