Splunk version 6.5.2
Getting the below error on Splunk SH with ES,
2019-10-25T00:45:02.649Z W CONTROL No SSL certificate validation can be performed since no CA file has been provided; please specify an sslCAFile parameter
2019-10-25T00:45:02.677Z F NETWORK The provided SSL certificate is expired or not yet valid.
2019-10-25T00:45:02.677Z I - Fatal Assertion 28652
2019-10-25T00:45:02.677Z I -
***aborting after fassert() failure
Troubleshooting - The cert installed is client's own cert and is still valid till dec 2020.
Another thing I already checked was the permission on /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key
and verified is as per below,
ls -l /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key
-r--------. 1 splunk splunk 88 May 25 2017 /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key
Please advise how I can fix this issue. Thanks
Based on the error, it looks like the CA cert wasn't included with the SSL cert pem. Can you verify that the client's CA certificate and SSL cert were combined into one file before utilizing them for Splunk? You can find instructions here on preparing the combined pem file: