Skip to main content
All CollectionsSIEMCollectorsLinux
How to check your keystore.jks expiry date on Linux
How to check your keystore.jks expiry date on Linux

In this guide we'll go through the steps to check the expiry date of your collector's keystore.jks file.

Alan Butcher avatar
Written by Alan Butcher
Updated over a year ago

If your collector stops logging into our SIEM platform we may ask you to check the expiry date of your Keystore certificate. This certificate ensures a secure connection between your collector and our SIEM platform. Without this, we won't be able to receive any logs from your collector.

How to check using keytool

To check the expiry date of a password-protected Java KeyStore (JKS) file (keystore.jks), you can use the "keytool" command that comes with the Java Development Kit (JDK). Here are the steps:

1. Open a command prompt or terminal window on your collector.

Type the following command and press Enter:

keytool -list -v -keystore /etc/logstash/certs/keystore.jks -storepass `grep ssl_keystore_password /etc/logstash/conf.d/90-output.conf | awk '{print $3}' | awk -F "\"" '{print $2}'` 2>/dev/null | grep "Valid from:" | head -n 1 | awk -F "until:" '{print $2}'

This will print the Valid from and Valid until dates to your screen.



How to check manually

You can complete the above check manually by following the steps below:

1. To find your keystore password we need to need to look at your 90-output.conf file.

2. Type the following command and press Enter:

cat /etc/logstash/conf.d/90-output.conf

3. Make a note of the password displayed on the following line:

ssl_keystore_password => ""

4. Type the following command and press Enter:

keytool -list -v -keystore /etc/logstash/certs/keystore.jks -storepass <password> | less

Note: Replace "<password>" with the password you made a note of in step 3.

5. Look for the Valid from and Valid until fields in the output. The Valid until field will show you the expiry date of the keystore file.

Did this answer your question?