noc_206710
Aug 25, 2015

How to identify SHA-1 certificates

I was asked to identify all SHA-1 certificates terminating SSL on our LTMs so we can mint and replace with SHA-256 certs. How do I identify SHA-1 certificates on the LTM (11.4.1)?

 

1 Reply

  • This script will list all of the SHA1 certificates installed on an 11.3+ system:

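    #!/bin/bash

    # Filestore directory that holds the certificates of the Common partition
    certdir=/config/filestore/files_d/Common_d/certificate_d

    for c in "${certdir}"/*
    do
        # Split any "Signature Algorithm: sha1..." line into words
        arr=($(openssl x509 -noout -text -in "${c}" | grep -E "sha1"))

        # arr[2] (the algorithm name) is set only when a sha1 line was found
        if [ -n "${arr[2]}" ]
        then
            echo "${c##*/}"
        fi

    done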
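A variant of the scan in the reply above, as an added example that is not part of the original post: it matches the signature algorithm case-insensitively, so OpenSSL names such as `ecdsa-with-SHA1` and `dsaWithSHA1` are caught as well as `sha1WithRSAEncryption`, and it goes beyond the reply by printing the algorithm and expiry date for each hit. The names `sig_alg`, `is_sha1_alg`, `scan_certs`, `CERT_DIR` and `SAMPLE_TEXT` are hypothetical; the directory is the one used in the reply.

```bash
#!/bin/bash
# Added example; function and variable names are assumptions, not F5 tooling.

# Directory from the reply above (Common partition certificates).
CERT_DIR=${CERT_DIR:-/config/filestore/files_d/Common_d/certificate_d}

# Constructed sample of `openssl x509 -noout -text` output (not a real cert).
SAMPLE_TEXT='Certificate:
    Data:
        Version: 3 (0x2)
        Signature Algorithm: ecdsa-with-SHA1
        Issuer: CN=example-ca
    Signature Algorithm: ecdsa-with-SHA1'

# Read `openssl x509 -noout -text` output on stdin and print the name on the
# first "Signature Algorithm:" line.
sig_alg() {
    awk -F': *' '/Signature Algorithm:/ { print $2; exit }'
}

# Return 0 when the algorithm name contains "sha1" in any letter case.
is_sha1_alg() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        *sha1*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Print "file<TAB>algorithm<TAB>notAfter" for every SHA-1 signed certificate
# in the given directory. Files openssl cannot parse are skipped.
scan_certs() {
    local dir=$1 f alg end
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        alg=$(openssl x509 -noout -text -in "$f" 2>/dev/null | sig_alg)
        if is_sha1_alg "$alg"; then
            end=$(openssl x509 -noout -enddate -in "$f" | cut -d= -f2)
            printf '%s\t%s\t%s\n' "${f##*/}" "$alg" "$end"
        fi
    done
}

# Scan only when the directory exists, so the file can be sourced elsewhere.
if [ -d "$CERT_DIR" ]; then
    scan_certs "$CERT_DIR"
fi
```

`openssl x509` reads only the first certificate in a file, so a bundle is judged by its first entry.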