Forum Discussion
swapnil1
Nimbostratus
NimbostratusHow to search non expired certs list and grep a particular common name in the list
I tried following command but it does not allow me to grep a particular common name. Any ideas ? tmsh -c 'cd /; run /sys crypto check-cert verbose enabled'
Cory_Blankenshi
Altostratus
AltostratusIs it possible to use the iControl Rest API? You could send a GET to...
https://your.f5.com/mgmt/tm/sys/file/ssl-cert?$select=name,subject,expirationString
...and search through those results.
Is Python an option? This would do the trick...
import requests
from datetime import datetime as dt
from requests.auth import HTTPBasicAuth
import urllib3
urllib3.disable_warnings()
# Certificate Rest API endpoint
bigip = 'https://your.f5.com/mgmt/tm/sys/file/ssl-cert'
# Selectors to get name, subject, and expiration date
querystring = {"$select": "name,subject,expirationString"}
headers = {'Content-Type': "application/json"}
response = requests.request('GET',
bigip,
params=querystring,
headers=headers,
auth=HTTPBasicAuth('un', 'pw'),
verify=False)
currentdt = dt.now()
for cert in response.json()['items']:
certname = cert['name']
certsubj = cert['subject']
certexpdt = cert['expirationString']
# Need to convert the expiration date to datetime object
expdt = dt.strptime(certexpdt, '%b %d %H:%M:%S %Y %Z')
if currentdt <= expdt and 'my_cn' in certsubj:
print("NAME: %s" % certname)
print("SUBJECT: %s" % certsubj)
print("EXPIRATION: %s\n" % certexpdt)