Expiring cerificates - Cluster still functional?

Dear community,
in 7x certificates secure the elasticsearch node to node communication, then the communication node to kibana and the client to kibana communication.
What happens if such a secured cluster its certificates get expired: is the cluster dead? Can you still work with the client but you only get some kind of allarms?
Any kind of insight in it is highly appreciated!
cheers

Hi,

You cluster might still be working, but your cluster will not be able to establish new connections between nodes. Effectively your cluster will fail, but at a future time.

It could happen due to a network issue, or because you need to restart a node for some reason and If you try restarting a node you should find that it cannot connect to the other nodes in the cluster and it'll not be able to authenticate and establish the connect with the existing cluster.

You will need to deploy new certificates.

GET /_ssl/certificates

Use the above command in Dev Tools to get details about your certificate and expiry days so that you can act accordingly.

Thanks.

1 Like

...it is possible to deactivate the securit< settings for the communication between node to node and node to kibana. If a certificate runs out betwenn browser and kibana it shoud not be that terrible - I think https would be still in place but you would get an error.
Any thoughts? Thank you,

I do not suggest you to disable the security. But if you still insist to do, then below is the way to do it.

Set the parameter xpack.security.enabled: false in elasticsearch.yml and kibana.yml and restart your cluster and the complete security will be disabled.

This will disable all the X-Pack security features including TLS, HTTPS, etc.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.