If your collector stops logging into our SIEM platform we may ask you to check the expiry date of your Java KeyStore (JKS) file (keystore.jks). This file stores the certificate for the secure connection between your collector and our SIEM platform. Without a valid keystore file, we won't be able to receive any logs from your collector.
To check the expiry date of your keystore.jks, you can use the keytool command that comes with the Java Development Kit (JDK). Here are the steps:
First, we need your keystore password, this will be found in your 90-output.conf file which should be in the default location:
C:\Program Files\logstash\config\pipeline\
Make a note of the password displayed on the following line:
ssl_keystore_password => ""
We now need to run Keytool from the Windows Command prompt to check the expiry.
Launch Command Prompt by pressing Windows Key + R to open the Run window.
Type cmd and press Enter.
In Command Prompt navigate to the logstash Java Development Kit (JDK) location:
C:\Program Files\logstash\jdk\bin
From the above location run the following command:
./keytool -list -v -keystore "c:\program files\logstash\config\certs\keystore.jks" -storepass <password>
Note: Replace <password> with the password you made a note of in step 2.
Look for the Valid from and until fields in the output. The until field will show you the expiry date of the keystore file.
That's it! ๐You now have the expiry date of your keystore.jks file.