SeachGurad SSL ceritificate creation with example-pki-scripts

We are using serachguard 2.4 and es 2.4. As per current certificate and which are generated by default ./example.sh

searchguard.ssl.http.keystore_filepath: node-0-keystore.jks

searchguard.ssl.transport.truststore_filepath: truststore.jks

As per the validate , looks like node-0-keystore.jks is going to expired in next 2 months but other validates are Oct 24 16:20:11 IST 2026.

Can you please let me know which is correct one ?

Please find the details below

keytool -v -list -keystore node-0-keystore.jks | grep ‘Valid from’

Enter keystore password: ****

Valid from: Mon Oct 24 16:20:15 IST 2016 until: Wed Oct 24 16:20:15 IST 2018

Valid from: Mon Oct 24 16:20:12 IST 2016 until: Sat Oct 24 16:20:12 IST 2026

Valid from: Mon Oct 24 16:20:11 IST 2016 until: Sat Oct 24 16:20:11 IST 2026

keytool -v -list -keystore truststore.jks | grep ‘Valid from’

Enter keystore password: ****

Valid from: Mon Oct 24 16:20:11 IST 2016 until: Sat Oct 24 16:20:11 IST 2026

Thanks

Ashok

Both ES and SG 2.4 are end of life already and this not supported anymore.

If you still want to use it, you will need to change the expiry date yourself directly in the scripts. I guess the 2026 end date is for the root CA and the other one is for the node and admin certificates.