Securityadmin.sh expired certificates how to recover

Hello fellow ODFE users,

I have successfully installed an ODFE instance with custom certificates for elasticsearch, beats, logstash and also admin and root certificates quite a while ago.
It is a single elasticsearch node with logstash and an extra server with only kibana installed.

Unfortunately I missed the expiration date of these certs and am now unable to configure the cluster via securityadmin.sh.

javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed

Caused by: java.security.cert.CertificateExpiredException: NotAfter: Thu Nov 05 18:00:39 CET 2020...

Is there any way to resolve this without losing data?

If not, how can I “save” the installation and start fresh in a painless way?

E.g.

  1. reset elasticsearch security index to initial security settings
  2. create new certificates
  3. apply still existing (e.g. internal_users.yml etc) with new certificates
  4. copy certificates to all nodes/beats etc
  5. restart everything

Any ideas are welcome

You should not need to reset any security indexes AFAIK. Just create new certificates and replace the existing certificates. You only need to restart Elasticsearch when you update the node certificate. You only need to restart Logstash and Kibana if you needed to also update the root certificate.

Hi oscark, thank you for your reply.
That was simpler than I thought. I created new certificates for ca, admin, and the nodes and copied them to the machines. I reused the previous keys just to be sure.
With the new admin certificate I could run securityadmin.sh without any problem.
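
The approach from the last reply (new certificates issued over the previous keys), sketched with OpenSSL as an added example; it is not from the thread's participants or the ODFE project, and the thread does not say which tool was actually used. File names, subject DNs and lifetimes are constructed, and the "old" certificate is simulated with a 5-day lifetime rather than an already expired one.

```shell
#!/usr/bin/env bash
# Added example; all names, DNs and lifetimes below are constructed.
set -e

# 0 if the certificate is still valid $2 days from now, non-zero otherwise.
valid_for_days() { openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null; }

# Subject DN in a stable form, to compare old and new (and the configured admin DN).
subject_of() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253; }

# 0 if the certificate's public key belongs to the given private key.
same_key() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Reissue a leaf certificate from the old one: same key, same subject DN.
# Extensions such as SANs are not carried over; node certs need them re-added.
reissue() {  # old_cert key ca_cert ca_key out_cert days
  local csr; csr="$(mktemp)"
  openssl x509 -x509toreq -in "$1" -signkey "$2" -out "$csr" 2>/dev/null
  openssl x509 -req -in "$csr" -CA "$3" -CAkey "$4" -CAcreateserial \
    -sha256 -days "$6" -out "$5" 2>/dev/null
  rm -f "$csr"
  openssl verify -CAfile "$3" "$5" >/dev/null
}

# Build a constructed CA and a short-lived "old" admin certificate in directory $1.
make_demo_pki() {
  local d="$1"
  openssl genrsa -out "$d/root-ca.key" 2048 2>/dev/null
  openssl genrsa -out "$d/admin.key" 2048 2>/dev/null
  openssl req -x509 -new -key "$d/root-ca.key" -sha256 -days 730 \
    -subj "/O=Example/CN=Example Root CA" -out "$d/root-ca.pem"
  openssl req -new -key "$d/admin.key" -subj "/O=Example/CN=admin" -out "$d/old.csr"
  openssl x509 -req -in "$d/old.csr" -CA "$d/root-ca.pem" -CAkey "$d/root-ca.key" \
    -CAcreateserial -days 5 -out "$d/admin-old.pem" 2>/dev/null
}

demo() {
  local d; d="$(mktemp -d)"
  make_demo_pki "$d"
  valid_for_days "$d/admin-old.pem" 30 || echo "admin-old.pem expires within 30 days"
  reissue "$d/admin-old.pem" "$d/admin.key" "$d/root-ca.pem" "$d/root-ca.key" "$d/admin.pem" 365
  same_key "$d/admin.pem" "$d/admin.key" && echo "admin.pem uses the existing key"
  subject_of "$d/admin.pem"
  rm -rf "$d"
}
demo
```

Running `valid_for_days` from a scheduled job against every certificate in use gives advance warning before the next expiry.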