X-pack licence warning

#
# License [will expire] on [Friday, July 14, 2017]. If you have a new license, please update it.
# Otherwise, please reach out to your support contact.
# 
# Commercial plugins operate with reduced functionality on license expiration:
# - security
#  - Cluster health, cluster stats and indices stats operations are blocked
#  - All data operations (read and write) continue to work
# - watcher
#  - PUT / GET watch APIs are disabled, DELETE watch API continues to work
#  - Watches execute and write to the history
#  - The actions of the watches don't execute
# - monitoring
#  - The agent will stop collecting cluster and indices metrics
#  - The agent will stop automatically cleaning indices older than [xpack.monitoring.history.duration]
# - graph
#  - Graph explore APIs are disabled
# - ml
#  - Machine learning APIs are disabled
[2017-06-19T11:51:57,806][WARN ][o.e.l.LicenseService     ] [2rjebRN] 

Hi all,

i am getting the above warning. It says that licence will expire on july 14th.. But i see my SSL authentication is not working well. Can you please tell me is my x-pack security feature is disabled now.

Elasticsearch is up on,
https://132.186.102.153:9200/

but kibana and logstash are unable to connect. The setup was working for me on last friday. But since today morning, i am not able to connect to elasticsearch both from logstash and kibana.

i get the below error in logstash,

:Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https://elastic:xxxxxx@132.186.102.153:9200/][Manticore::ClientProtocolException] KeyUsage does not allow digi
tal signatures"}

No, since your license has not expired yet, no features have been disabled (*)

(*) If the date/time on your server is wrong, then it's possible that the license will expire before it's intended to. But that's unlikely to be the case here.

The SSL problems you seem to be experiencing should not be due to license expiry, but I can't really tell you what the problem could be without more details.

Based on the error from logstash, it looks like the certificate you're using on your Elasticsearch isn't valid for that purpose, but that's just guesswork from 1 error message.

@TimV,

Hi Tim,
I am using new certificates now. The error is gone now. But i dont see logs coming to logstash from filebeat now.
I get connection refused error,
2017/06/19 07:13:04.870474 single.go:140: ERR Connecting error publishing events (retrying): dial tcp 127.0.0.1:5043: connectex: No connection could be made because the target machine actively refused it.

@TimV,

What should be the format of the certificate in the output filter of logstash.conf.
output {
elasticsearch {
hosts => ["132.186.102.153:9200"]
user => "elastic"
password => "changeme"
ssl => true
cacert => "D:/Softwares/ELK/elasticsearch-5.4.0/elasticsearch-5.4.0/config/x-pack/ELK_SSL_Certificates/testca/cacert.cer"
}
stdout { codec => rubydebug }
}

it should be .pem or .cer or ,crt. I tried all. Nothing works.

Please help me

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.