Get list of all certificates and their corresponding keys through the REST API (or cli) in BIG-IP
If you want to find the private key that corresponds to a particular certificate, you need to:
1) Get the certificate. See Mario's answer (i.e., POST /mgmt/tm/util/bash). The following Python trick gives you just the certificate part. Redirect the output to a file.
... iControl REST bash call ... | python3 -c 'import sys,json; o=json.load(sys.stdin); print(o["commandResult"])'
(I know. Some prefer jq)
2) Get the list of keys from /mgmt/tm/sys/file/ssl-cert: e.g.,
curl -sku $PASS https://$HOST/mgmt/tm/sys/file/ssl-cert | \
python3 -c 'import sys,json; o=json.load(sys.stdin); print("\n".join([x["systemPath"] for x in o["items"]]))'
3) Get all the keys. See Mario's answer.
4) Extract the modulus part from the certificate and all keys: e.g. (<file> here comes from Step 1 and 3),
openssl x509 -noout -modulus -in <file>| awk -F= '{print $2}'
Find the key that has the same modulus as the certificate.
It would be a good idea to write a script that performs the matching on the target BIG-IP and returns the key name, and call it from iControl REST. That reduces the number of calls (because certs and keys are found locally on BIG-IP).
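The local matching script suggested in the answer above, written out as an added example (not part of the original post and not F5 code). It assumes RSA keys and `openssl` on the PATH; the function names and the sample files it generates are constructed for illustration.

```shell
#!/bin/bash
# Added example: find the private key for a certificate by comparing RSA moduli.
# Function names and sample files are constructed; RSA only; needs openssl.

# Print a SHA-256 digest of the modulus of a PEM file ($1 = cert|key, $2 = file).
# The digest only shortens the string being compared.
modulus_digest() {
    local mod
    case "$1" in
        cert) mod=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1 ;;
        # -passin pass: makes an encrypted key fail instead of prompting
        key)  mod=$(openssl rsa -noout -modulus -in "$2" -passin pass: 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    # An empty result must never count as a match between two unreadable files.
    [ -n "$mod" ] || return 1
    printf '%s' "${mod#Modulus=}" | openssl dgst -sha256 -r | awk '{print $1}'
}

# Print every key file in directory $2 whose modulus equals that of cert $1.
# Returns 0 on a match, 1 on no match, 2 if the certificate cannot be parsed.
find_key_for_cert() {
    local want got key rc
    rc=1
    want=$(modulus_digest cert "$1") || return 2
    for key in "$2"/*; do
        [ -f "$key" ] || continue
        got=$(modulus_digest key "$key") || continue   # skip non-key files
        if [ "$got" = "$want" ]; then
            printf '%s\n' "$key"
            rc=0
        fi
    done
    return $rc
}

# Constructed sample set in directory $1: two keys, a stray file, and a
# self-signed certificate issued from keys/b.key.
make_sample() {
    mkdir -p "$1/keys" &&
    openssl genrsa -out "$1/keys/a.key" 2048 2>/dev/null &&
    openssl genrsa -out "$1/keys/b.key" 2048 2>/dev/null &&
    echo "not a key" > "$1/keys/junk.txt" &&
    openssl req -new -x509 -key "$1/keys/b.key" -subj "/CN=example.test" \
        -days 1 -out "$1/site.crt" 2>/dev/null
}

# Demo on the constructed set; prints the path ending in keys/b.key.
d=$(mktemp -d) && make_sample "$d" && find_key_for_cert "$d/site.crt" "$d/keys"
rm -rf "$d"
```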