This was previously mentioned in a different post. Here is what you need to know:
check the expiry of the existing server.pem file, run the below command
$SPLUNK_HOME/bin/splunk cmd openssl x509 -enddate -noout -in /opt/splunk/etc/auth/server.pem
if the certificate is expired, then generate a new one which fixed the issue for us.
Generate the new cert:
mv $SPLUNK_HOME/etc/auth/server.pem $SPLUNK_HOME/etc/auth/server.pem.old
restart Splunk and this should fix the issue. Run this on the instance where KV store is being used.
... View more