jwlarger
Jan 25, 2021

How to list all SAN entries by cert file and/or count them

We need to search for a cert file that we were told had these attributes - somename (obviously not the real name, but it was wrong), a specific expiration date (there weren't ANY certs expiring that day), and quite specifically 98 SAN DNS entries. So, it's two strikes - anyone think they can get us on base, either by listing or - preferably - counting, so we do a search across the F5 fleet?


As an aside, I usually see F5 use 'F5 estate' but I think 'F5 fleet' is cooler.

2 Replies

  • Hi


    One way you could do this from BASH is to run something like this from the Cert directory (/config/filestore/files_d/Common_d/certificate_d) to output the info


    for f in *; do echo "${f}"; openssl x509 -in "${f}" -noout -text | awk '/DNS:/' | tr -d ' ' | sed 's/,/\n/g' | wc -l; done;


    This will iterate through all of the files in the directory and will output the name of the file and the number of SAN entries like this
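An added example, not part of the reply above and not F5 tooling: a bash script that counts only the `DNS:` entries in the Subject Alternative Name extension (the one-liner splits the whole SAN line on commas, so `IP Address:` entries on that line are counted too) and can filter on a wanted count such as the 98 from the question. It assumes PEM certificates in the directory the reply names; the function names, the script name and the sample text are made up for illustration.

```shell
#!/bin/bash
# Added example; function and script names are hypothetical, not F5 tooling.
# Usage: ./san_count.sh /config/filestore/files_d/Common_d/certificate_d 98

# Read `openssl x509 -noout -text` output on stdin; print how many DNS:
# entries the Subject Alternative Name extension holds (0 if there is none).
count_dns_sans() {
    awk '
        /X509v3 Subject Alternative Name/ { getline; san = $0; exit }
        END {
            n = split(san, parts, ",")
            count = 0
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+/, "", parts[i])
                if (parts[i] ~ /^DNS:/) count++
            }
            print count
        }'
}

# Print "count<TAB>notAfter<TAB>file" for every parseable certificate in a
# directory. With a second argument, print only files with that DNS SAN count.
scan_dir() {
    local dir="$1" want="${2:-}" f text n end
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Skip anything openssl cannot read as a PEM certificate.
        text=$(openssl x509 -in "$f" -noout -text 2>/dev/null) || continue
        n=$(printf '%s\n' "$text" | count_dns_sans)
        [ -z "$want" ] || [ "$n" -eq "$want" ] || continue
        end=$(openssl x509 -in "$f" -noout -enddate 2>/dev/null)
        printf '%s\t%s\t%s\n' "$n" "${end#notAfter=}" "$f"
    done
}

# Constructed sample of `openssl x509 -text` output (not from a real cert).
sample_text() {
    cat <<'EOF'
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:www.example.com, DNS:api.example.com, IP Address:192.0.2.10, DNS:example.com
            X509v3 Key Usage: critical
EOF
}

if [ "$#" -gt 0 ]; then
    scan_dir "$@"
fi
```

Printing the `notAfter` date next to each count lets the expiration date that was reported be checked in the same pass.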