Brandon
Dec 09, 2021

How to find a SSL cert match SSL profile and match the VIPs

I have a certificate I need to change out. There are quite a number of VIPs with different SSL Profiles but have the same SSL certificate.

I would like to find a set of appropriate commands.

What is the best way to find all of the SSL Profiles that have that certificate, and then match those SSL Profiles to VIPs?

1 Reply

  • Hi Brandon,

    Create a bash script and run it.

    #!/bin/bash
    # Search /config and sub directories (partitions) for bigip.conf files
    # and collect the unique virtual server names defined in them
    LIST=$(find /config -name bigip.conf | xargs awk '$2 == "virtual" {print $3}' 2> /dev/null | sort -u)
    VIRTS=0   # number of virtual servers that have a client SSL profile
    echo "Virtual:          Profile:        Certificate:          Ciphers:"
    echo "__________________________________________________________"
    for VAL in ${LIST}
    do
        # Client SSL profile(s) attached to this virtual server
        PROF=$(tmsh show /ltm virtual ${VAL} profiles 2> /dev/null | grep -B 1 " Ltm::ClientSSL Profile:" | cut -d: -f4 | grep -i "[a-z]" | sed 's/ //g' | sort -u)
        test -n "${PROF}" && {
            VIRTS=$((VIRTS + 1))
            for PCRT in ${PROF}
            do
                # Certificate(s) referenced by the profile
                CERT=$(tmsh list /ltm profile client-ssl ${PCRT} 2> /dev/null | awk '$1 == "cert" {print $2}' | sort -u)
                test -n "${CERT}" && {
                    # Cipher string configured on the profile
                    CIPHERS=$(tmsh list /ltm profile client-ssl ${PCRT} ciphers | grep ciphers | awk '{print $2}')
                    echo "${VAL} ${PCRT} ${CERT} ${CIPHERS}"
                }
            done
        }
    done
    echo "Virtual server count: ${VIRTS}"

    Impact of procedure: For BIG-IP systems configured with many virtual servers, F5 recommends running this script during low volume times, or on the standby BIG-IP device when applicable.

    REF: https://support.f5.com/csp/article/K20522219
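
The reply's script lists every virtual server; the question asks for the virtual servers behind one certificate. The following is an added example, not part of the reply or of the F5 article: it answers that narrower question by parsing bigip.conf-style text directly. The function name `vips_for_cert`, the sample configuration, and the assumed stanza layout (`ltm profile client-ssl <name> {`, `ltm virtual <name> {` with a nested `profiles { }` block) are assumptions of this example.

```bash
# Added example (constructed): "virtual profile" pairs that use one certificate,
# parsed from bigip.conf-style text. Usage: vips_for_cert <cert> [file ...]
vips_for_cert() {
    cert="$1"; shift
    awk -v cert="$cert" '
        /^ltm profile client-ssl / { kind = "prof"; name = $4; next }
        /^ltm virtual / { kind = "vs"; name = $3; inprof = 0; next }
        /^[^ }]/ { kind = ""; next }   # any other top-level object
        # cert line of a client-ssl profile (top level or cert-key-chain)
        kind == "prof" && $1 == "cert" && $2 == cert { uses[name] = 1 }
        # names listed directly inside the profiles { } block of a virtual
        kind == "vs" && $1 == "profiles" && $2 == "{" { inprof = 1; depth = 0; next }
        kind == "vs" && inprof {
            if ($1 == "}") { if (depth == 0) inprof = 0; else depth--; next }
            if (depth == 0 && $1 ~ /^\//) attached[name " " $1] = 1
            if ($NF == "{") depth++
        }
        END {   # resolve last so the order of objects and files does not matter
            for (k in attached) { split(k, p, " "); if (p[2] in uses) print k }
        }
    ' "$@" | sort
}

# Constructed sample configuration (object names are made up)
sample_conf() {
    cat <<'EOF'
ltm profile client-ssl /Common/app1_clientssl {
    cert /Common/old.crt
}
ltm profile client-ssl /Common/app2_clientssl {
    cert /Common/other.crt
}
ltm virtual /Common/vs_app1 {
    profiles {
        /Common/app1_clientssl {
            context clientside
        }
        /Common/http { }
    }
}
ltm virtual /Common/vs_app2 {
    profiles {
        /Common/app2_clientssl {
            context clientside
        }
    }
}
EOF
}
```

With no file argument the function reads standard input, so `sample_conf | vips_for_cert /Common/old.crt` prints `/Common/vs_app1 /Common/app1_clientssl`. It only matches `cert` lines written in a profile's own stanza, so a profile that relies on a certificate set elsewhere is not reported.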