If your collector stops logging into our SIEM platform we may ask you to check the expiry date of your Keystore certificate. This certificate ensures a secure connection between your collector and our SIEM platform. Without this, we won't be able to receive any logs from your collector.
First, we need your keystore password, this will be found in your 90-output.conf file which should be in the default location:
C:\Program Files\logstash\config\pipeline\
Make a note of the password displayed on the following line:
ssl_keystore_password => ""
Launch Command Prompt by pressing Windows Key + R to open the Run window.
Type cmd and press Enter.
Run the following command:
certutil -dump keystore.p12
You will be asked to enter the password you made a note of in Step 2.
The
certutil
command will display detailed information about the certificates in the .p12 file, including their expiration dates.Look for the section that corresponds to your certificate, and you'll find the NotAfter field, which indicates the expiration date of the certificate.
================ Certificate 0 ================
...
NotAfter: MM/DD/YYYY HH:MM:SS AM/PMThat's it! π You now have the expiry date of your keystore.p12 file.