Forum Discussion

swapnil1's avatar
swapnil1
Icon for Nimbostratus rankNimbostratus
May 24, 2019

How to search non expired certs list and grep a particular common name in the list

I tried following command but it does not allow me to grep a particular common name. Any ideas ?

 

tmsh -c 'cd /; run /sys crypto check-cert verbose enabled'

BIG-IP
cloud
LTM
TMSH
  • Cory_Blankenshi's avatar
    Cory_Blankenshi
    Icon for Altostratus rankAltostratus
    May 24, 2019

    Is it possible to use the iControl Rest API? You could send a GET to...

    https://your.f5.com/mgmt/tm/sys/file/ssl-cert?$select=name,subject,expirationString

    ...and search through those results.

    Is Python an option? This would do the trick...

    import requests
from datetime import datetime as dt
from requests.auth import HTTPBasicAuth
import urllib3
 
urllib3.disable_warnings()
 
# Certificate Rest API endpoint
bigip = 'https://your.f5.com/mgmt/tm/sys/file/ssl-cert'
 
# Selectors to get name, subject, and expiration date
querystring = {"$select": "name,subject,expirationString"}
 
headers = {'Content-Type': "application/json"}
 
response = requests.request('GET',
                            bigip,
                            params=querystring,
                            headers=headers,
                            auth=HTTPBasicAuth('un', 'pw'),
                            verify=False)
 
currentdt = dt.now()
for cert in response.json()['items']:
    certname = cert['name']
    certsubj = cert['subject']
    certexpdt = cert['expirationString']
 
    # Need to convert the expiration date to datetime object
    expdt = dt.strptime(certexpdt, '%b %d %H:%M:%S %Y %Z')
 
    if currentdt <= expdt and 'my_cn' in certsubj:
        print("NAME: %s" % certname)
        print("SUBJECT: %s" % certsubj)
        print("EXPIRATION: %s\n" % certexpdt)