Forum Discussion
Nimbostratuscommand to see SSL cert in TMSH
Hello all,
Can some one tell me the command to see the SSL cert taged to each VIP .
for example I have wildcard SSL cert which was taged to multiple VIP and I want to see what all the VIPs it is available.
2 Replies
cjuniorNacreous
Hi, if you mean that the VS list names that are using a specific ssl profile, you could do this in bash:
e.g.tmsh list ltm virtual one-line |grep |awk '{print $3,$6}'tmsh list ltm virtual one-line |grep my_clientssl |awk '{print $3,$6}' vs_172_30_30_28_tcp_443 172.30.30.28:https vs_172_30_30_29_tcp_443 172.30.30.29:https- JRahm
Admin
cjunior's solution is solid if you are looking for the ssl profile. By object, the ssl profile is attached to the virtual, and the cert/key file object is attached to the ssl profile. So if you want to see the certificate file object itself, you'd need to write a tmsh script to map the objects for you. There is also a more generic config searching tool in the codeshare, but it will likely need to be modified as the structural changes with multiple certs on a vip in tmsh since it was written won't be as helpful as it used to be. For example, my testcert fileobject, ssl profile, attached to a vip, results in:
root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos) findconf testcert found 11 matches in 184 configuration objects cert-key-chain : testcert cert-key-chain testcert cert: testcert.crt key: testcert.key ltm profile client-ssl : testcert cert: testcert.crt key: testcert.key profiles : ssltestvip profiles testcert sys crypto cert : testcert.crt sys crypto key : testcert.key sys file ssl-cert : testcert.crt sys file ssl-key : testcert.keyactually now that I look at the results, the ssltestvip the testcert is applied to shows up in the profiles list highlighted above. So...should be golden.
