No SSL certificate validation can be performed sin...

damode · ‎10-24-2019

Splunk version 6.5.2

Getting the below error on Splunk SH with ES,

 2019-10-25T00:45:02.649Z W CONTROL  No SSL certificate validation can be performed since no CA file has been provided; please specify an sslCAFile parameter
 2019-10-25T00:45:02.677Z F NETWORK  The provided SSL certificate is expired or not yet valid.
 2019-10-25T00:45:02.677Z I -        Fatal Assertion 28652
 2019-10-25T00:45:02.677Z I -
 ***aborting after fassert() failure

Troubleshooting - The cert installed is client's own cert and is still valid till dec 2020.
Another thing I already checked was the permission on /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key and verified is as per below,

ls -l /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key
-r--------. 1 splunk splunk 88 May 25  2017 /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key

Please advise how I can fix this issue. Thanks

empollard · ‎10-25-2019

Based on the error, it looks like the CA cert wasn't included with the SSL cert pem. Can you verify that the client's CA certificate and SSL cert were combined into one file before utilizing them for Splunk? You can find instructions here on preparing the combined pem file:

https://docs.splunk.com/Documentation/Splunk/7.3.2/Security/HowtoprepareyoursignedcertificatesforSpl...

No SSL certificate validation can be performed since no CA file has been provided

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!