One of the certificates associated with our universal forwarders is due to expire this week. While we have renewed the certificate, we are yet to push it on all universal forwarders. My question is: if we are unable to push new certificate by weekend will the universal forwarders stop logging the data and sharing it with indexes?
It's not clear which side of the connection is using certs for authentication - is it only the server or is it mutual tls. In case of mutual tls, you should not use the same crypto material for multiple clients!