Forum Discussion
Santavi_241428
Nimbostratus
Dec 16, 2016
Checking SHA1 cert on BIG IP LTM Ver 10.2
Hi team,
I need to know which certs in LTM (version 10.2) have sha1 installed. I am not getting help from my web service team to validate each and every virtual server tested. ...
Dec 21, 2016
Good stuff. Then if the output you got from the script was ONLY errors you should be sha1 free. 🙂
You can try this script as well to get some more output. If it works as expected you should see:
Here's the sha1 certificates:
... list of SHA1 certificate if any
Here's the SHA256/384/512 certificates:
... list of SHA256/384/512 certificates
And here's the script:
# Pass 1: list certificates whose text dump mentions sha1
echo "Here's the sha1 certificates:"
for c in `ls --format single-column /config/ssl/ssl.crt/certificate_d/`;
do
    # Word-split the matching "Signature Algorithm: ..." lines into an array;
    # element 2 is the algorithm name and is empty when nothing matched
    arr=($(openssl x509 -noout -text -in "/config/ssl/ssl.crt/certificate_d/${c}" | grep -E "sha1"))
    if [ -n "${arr[2]}" ]
    then
        echo "SHA1: ${c}"
    fi
done
# Pass 2: list certificates signed with SHA256, SHA384 or SHA512
echo "Here's the SHA256/384/512 certificates:"
for c in `ls --format single-column /config/ssl/ssl.crt/certificate_d/`;
do
    arr2=($(openssl x509 -noout -text -in "/config/ssl/ssl.crt/certificate_d/${c}" | grep -E 'Signature\sAlgorithm\:\s+(sha|SHA)(256|384|512)'))
    if [ -n "${arr2[2]}" ]
    then
        echo "SHA256/384/512: ${c}"
    fi
done
Please ignore the certificates that had errors before. I don't have access to a Linux shell at the moment so I can't write a reliable script to filter them out.
/Patrik
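A variant that filters out the files `openssl` cannot parse, as an added example that is not part of the original thread. The function names and the `CERT_DIR` variable are hypothetical, the directory is the one used in the script above, and it assumes the `Signature Algorithm:` line layout printed by `openssl x509 -text`.

```bash
#!/bin/bash
# Added example, not from the thread: one pass over the certificate store,
# one tab-separated line per file: BUCKET, algorithm, file name.
# Directory taken from the script above; override with CERT_DIR=/some/dir.
CERT_DIR="${CERT_DIR:-/config/ssl/ssl.crt/certificate_d}"

# Map a signature algorithm name to SHA1, SHA2 or OTHER (case-insensitive).
# OTHER covers md5, RSASSA-PSS and anything else that needs a manual look.
classify_sigalg() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        *sha1*)                      echo SHA1 ;;
        *sha256*|*sha384*|*sha512*)  echo SHA2 ;;
        *)                           echo OTHER ;;
    esac
}

# Print the signature algorithm of one certificate file.
# Returns non-zero when openssl cannot parse the file, so callers can skip it.
sigalg_of() {
    openssl x509 -noout -text -in "$1" 2>/dev/null |
        awk '/Signature Algorithm:/ { print $3; found = 1; exit }
             END { exit !found }'
}

# Classify every regular file in a directory; unparseable files become SKIP
# lines instead of openssl error output mixed into the report.
scan_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if alg=$(sigalg_of "$f"); then
            printf '%s\t%s\t%s\n' "$(classify_sigalg "$alg")" "$alg" "${f##*/}"
        else
            printf 'SKIP\t-\t%s\n' "${f##*/}"
        fi
    done
}

# Run the scan only where the directory exists (i.e. on the BIG-IP itself).
if [ -d "$CERT_DIR" ]; then
    scan_dir "$CERT_DIR" | sort
fi
```

Sorting groups the `SHA1` lines together; `SKIP` lines are the files that produced errors with the earlier scripts.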