Forum Discussion
Eric_Frankenfie
Feb 25, 2015 Nimbostratus
Get Profile_Type_Client_SSL from Virtual Server
I am trying to retrieve the client SSL profile from a list of virtual servers, but I am having difficulties. Any help would be greatly appreciated.
Here is what I have so far:
Get list of v...
Feb 26, 2015
Hi Eric,
the following one is a quick shot to map virtual > client-ssl profile > cert in use > cert expiration for all virtual servers. It does not display information selectively. Challenge here is to convert the OpenSSL date output into universal format to match versus current date. Found a script for that but had no time yet to implement this function. Try this, please (for v10 only):

```bash
#!/bin/bash
# Script to map virtual server > client-ssl profile > ssl certificate > expiration date
# version: 0.01
# author: Stephan Manthey
# tested for TMOS v10.2.4 only
# not supporting certificate bundles
# not including chain / intermediate certificates
# (TMOS v11 stores certs in filestore and provides tmsh commands for cert data!)
# usage:
# - copy i.e. to /var/tmp/map_virtual_certs
# - run chmod +x /var/tmp/map_virtual_certs
# - run command /var/tmp/map_virtual_certs

# create sed dictionary to map certificates and expiration date
# (each line becomes: s/;<cert>;/;<cert>;<notAfter date>;/g)
for cert in /config/ssl/ssl.crt/*.crt
do echo -n "$cert;" | sed -r 's/\/config\/ssl\/ssl.crt\///g;s/(.*)/s\/;\1\/;\1/g'
openssl x509 -noout -enddate -in "$cert" | sed -r 's/notAfter=//g;s/$/;\/g/g'
done > /var/tmp/ssl-cert-exp-dict

# create list of client-ssl profiles
tmsh list ltm profile client-ssl | \
awk '/^ltm profile client-ssl/ {print ";" $4 ";"}' > /var/tmp/client-ssl-list

# create sed dictionary to map client-ssl profiles and used certs
tmsh list ltm profile client-ssl cert | tr -d "\n{" | tr "}" "\n" | \
tr -s '[[:blank:]]' | awk '{print "s/;" $4 ";/;" $4 ";" $6 ";/g"}' > /var/tmp/client-ssl-cert-dict

# create sed dictionary to replace profile list in virtual servers by client-ssl profiles only
tmsh list ltm profile client-ssl | \
awk '/^ltm profile client-ssl/ {print "s/^([^;]+).*;" $4 ";.*$/\\1;" $4 ";/g"}' > /var/tmp/client-ssl-dict

# apply dictionaries to virtual servers
tmsh list ltm virtual profiles | grep -vE '^[[:blank:]]+(profiles \{|\}|context)' | \
tr -d "\n\{" | tr "}" "\n" | tr -s '[[:blank:]]' | \
sed -r 's/^ltm virtual //g;s/[[:blank:]]$//g;s/$/;/g' | tr '[[:blank:]]' ';' | \
grep -f /var/tmp/client-ssl-list | sed -r -f /var/tmp/client-ssl-dict | \
sed -r -f /var/tmp/client-ssl-cert-dict | sed -r -f /var/tmp/ssl-cert-exp-dict

# remove temp files
rm -f /var/tmp/ssl-cert-exp-dict /var/tmp/client-ssl-list /var/tmp/client-ssl-cert-dict /var/tmp/client-ssl-dict 2>/dev/null
```
Thanks, Stephan
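
The reply above leaves the date comparison open (converting the OpenSSL date output so it can be matched against the current date). One way to do that step, as an added example that is not part of Stephan's script: it assumes the mapping script prints `virtual;profile;cert;notAfter;` lines, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/bash
# Added example, not part of the script above. Converts OpenSSL's
# "notAfter" text to epoch seconds in plain shell arithmetic and flags
# certificates that are expired or close to expiry.

# openssl_date_to_epoch "Feb 26 12:00:00 2016 GMT" -> prints UTC epoch seconds
openssl_date_to_epoch() {
    read -r mon d t y tz <<EOF
$1
EOF
    case $mon in
        Jan) m=1;; Feb) m=2;; Mar) m=3;; Apr) m=4;; May) m=5;; Jun) m=6;;
        Jul) m=7;; Aug) m=8;; Sep) m=9;; Oct) m=10;; Nov) m=11;; Dec) m=12;;
        *) return 1;;
    esac
    hh=${t%%:*}; ss=${t##*:}; mm=${t#*:}; mm=${mm%%:*}
    d=${d#0}; hh=${hh#0}; mm=${mm#0}; ss=${ss#0}   # avoid octal parsing of "08"
    for v in "$d" "$y" "$hh" "$mm" "$ss"; do
        case $v in ''|*[!0-9]*) return 1;; esac    # reject malformed fields
    done
    # days since 1970-01-01 (days-from-civil arithmetic, year starts in March)
    if [ "$m" -le 2 ]; then y=$((y - 1)); m=$((m + 9)); else m=$((m - 3)); fi
    era=$((y / 400)); yoe=$((y - era * 400))
    doy=$(( (153 * m + 2) / 5 + d - 1 ))
    days=$(( era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
    echo $(( days * 86400 + hh * 3600 + mm * 60 + ss ))
}

# annotate_expiry WARN_DAYS [NOW_EPOCH]: reads "virtual;profile;cert;notAfter;"
# lines (assumed output format of the mapping script) and replaces the date
# with the days left plus a state.
annotate_expiry() {
    warn=$1; now=${2:-$(date +%s)}
    while IFS=';' read -r vs prof cert not_after rest; do
        exp=$(openssl_date_to_epoch "$not_after") ||
            { echo "$vs;$prof;$cert;?;UNPARSED"; continue; }
        left=$(( (exp - now) / 86400 ))
        if [ "$exp" -le "$now" ]; then state=EXPIRED
        elif [ "$left" -lt "$warn" ]; then state=EXPIRING
        else state=OK; fi
        echo "$vs;$prof;$cert;$left;$state"
    done
}

# Constructed sample lines (names and dates are made up for illustration).
sample_report() {
    printf '%s\n' 'vs_web;clientssl_web;web.crt;Feb 26 12:00:00 2016 GMT;' \
        'vs_old;clientssl_old;old.crt;Jan  1 00:00:00 2015 GMT;' \
        'vs_bad;clientssl_bad;bad.crt;;'
}
```

On the box, the mapping script's output would be piped into `annotate_expiry 30`; a line whose certificate was not resolved to a date is reported as `UNPARSED` rather than silently treated as valid.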