Forum Discussion

Brandon's avatar
Icon for Cirrostratus rankCirrostratus
Dec 09, 2021

How to find a SSL cert match SSL profile and match the VIPs

I have a certificate i need to change out. There are quite a number of VIPs with different SSL Profiles but have the same SSL certificate.


I would like to find a set of appropiate commands.


What is the best way is to find all of the SSL Profiles that has that certerificate . Then match those SSL Profiles to VIPs.

1 Reply

  • Hi Brandon,

    Create a bash script and run it.

    # Search /config and sub directories (partitions) for bigip.conf files
    LIST=`find /config -name bigip.conf |  xargs  awk '$2 == "virtual" {print $3}' 2> /dev/null | sort -u`
    echo "Virtual:          Profile:        Certificate:          Ciphers:"
    echo "__________________________________________________________"
    for VAL in ${LIST}
    PROF=`tmsh show /ltm virtual ${VAL} profiles 2> /dev/null | grep -B 1 " Ltm::ClientSSL Profile:" | cut -d: -f4 | grep -i "[a-z]" | sed s'/ //'g| sort -u`
    test -n "${PROF}" 2>&- && {
    VIRTS=`expr $VIRTS + 1`
    for PCRT in ${PROF}
    CERT=`tmsh list /ltm profile client-ssl ${PCRT} |  awk '$1 == "cert" {print $2}' 2> /dev/null | sort -u`
    test -n "${CERT}" 2>&- && {
    CIPHERS=`tmsh list /ltm profile client-ssl ${PCRT} ciphers | grep ciphers | awk '{print $2}'`
    echo "${VAL} ${PCRT} ${CERT} ${CIPHERS}"
    echo "Virtual server count: ${VIRTS}"

    Impact of procedure: For BIG-IP systems configured with many virtual servers, F5 recommends running this script during low volume times, or on the standby BIG-IP device when applicable.