For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Buddy_Edwards_1's avatar
Buddy_Edwards_1
Icon for Nimbostratus rankNimbostratus
Sep 09, 2016

Get ClientSSL and ServerSSL profiles using the Rest API

I've written the following script so that I can document at a high level the VIPs that I have created without having to dig into them every time I need to know pools, irules, members, etc... the prob...
devops
iControl
iControlREST
Kevin_Nelson's avatar
Kevin_Nelson
Icon for Nimbostratus rankNimbostratus
Jan 24, 2018

Using James' information, this is a single-line (with a couple pre-configured conditions) that I used to verify the expected Server-side SSL profiles were assigned on a list of VIPs configured with a particular pool name pattern (where the pool names are POOL_200 or POOL_210):

Get-VirtualServer | ? Pool -match '.*/POOL_2[0,1]0' | Select Name,Pool,@{Name="ServerProfile"; Expression={ ( Invoke-RestMethod -Uri ( $_.profilesReference.link -replace "localhost", "" ) -Credential $cred ).items | ? context -eq serverside | Select -ExpandProperty Name } }

The pre-configured conditions were a stored credential (

$cred = Get-Credential
) adequate for authenticating with the LTM and the establishment of the F5 session using the stored credential (
New-F5Session -LTMName  -LTMCredentials $cred
). The stored credential is used again in the inline 
Invoke-RestMethod
in the command.

The result looked something like this:

name   pool              ServerProfile
----   ----              -------------
VIP_A  /Common/POOL_200  serverssl-custom
VIP_B  /Common/POOL_210  serverssl-custom
VIP_C  /Common/POOL_210  serverssl-custom
VIP_D  /Common/POOL_200  serverssl-custom
VIP_E  /Common/POOL_210  serverssl-custom

You could change 

context -eq serverside
to 
context -eq clientside
to see that profile or otherwise change the selection to suit.