Forum Discussion
Brandon
Cirrostratus
CirrostratusHow to find a SSL cert match SSL profile and match the VIPs
I have a certificate i need to change out. There are quite a number of VIPs with different SSL Profiles but have the same SSL certificate.
I would like to find a set of appropiate commands.
What is the best way is to find all of the SSL Profiles that has that certerificate . Then match those SSL Profiles to VIPs.
Hi Brandon,
Create a bash script and run it.
#!/bin/bash # Search /config and sub directories (partitions) for bigip.conf files LIST=`find /config -name bigip.conf | xargs awk '$2 == "virtual" {print $3}' 2> /dev/null | sort -u` echo "Virtual: Profile: Certificate: Ciphers:" echo "__________________________________________________________" for VAL in ${LIST} do PROF=`tmsh show /ltm virtual ${VAL} profiles 2> /dev/null | grep -B 1 " Ltm::ClientSSL Profile:" | cut -d: -f4 | grep -i "[a-z]" | sed s'/ //'g| sort -u` test -n "${PROF}" 2>&- && { VIRTS=`expr $VIRTS + 1` for PCRT in ${PROF} do CERT=`tmsh list /ltm profile client-ssl ${PCRT} | awk '$1 == "cert" {print $2}' 2> /dev/null | sort -u` test -n "${CERT}" 2>&- && { CIPHERS=`tmsh list /ltm profile client-ssl ${PCRT} ciphers | grep ciphers | awk '{print $2}'` echo "${VAL} ${PCRT} ${CERT} ${CIPHERS}" } done } done echo "Virtual server count: ${VIRTS}"Impact of procedure: For BIG-IP systems configured with many virtual servers, F5 recommends running this script during low volume times, or on the standby BIG-IP device when applicable.
