Forum Discussion

Devarsh_371978
Oct 04, 2018

How to understand where and how already installed SSL certificates are used?

Hi All,

 

There are a couple of SSL certificates installed on my F5 box. These certificates are going to expire next month, so how do I identify where and how those certificates are being used, and whether I need to renew them or not?

 

Thank you in advance.

 

Dev

 

  • The simple answer is you need to look at all the Client and Server SSL Profiles configured on the F5 BIG-IP and see if the cert/key is configured to be used.

     

    However, this is not as easy as it sounds and many people have worked on solutions to map SSL profiles to certs and keys.

     

    A solution I did on the command line can be found in the answer to this question here: Reporting : Virtual Server - SSL Certificate Mapping

     

  • THi

    You can see the certificates with their expiry info in the GUI

    System  ››  Certificate Management : Traffic Certificate Management : SSL Certificate List
    

    The GUI does not show where the certificates are being used, but you can extract that info with command line/tmsh:

     tmsh list ltm profile client-ssl recursive cert-key-chain
    

    This gives you a list of certificate config items in the client-ssl profiles.

    ltm profile client-ssl clientssl {
        cert-key-chain {
            default {
                app-service none
                cert default.crt
                chain none
                key default.key
                passphrase none
            }
        }
    }
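
Added example (not part of the original posts, and not F5 code): a POSIX shell/awk function that turns the `cert-key-chain` listing shown above into a certificate-to-profile map, so an expiring certificate can be traced to every client-ssl profile that references it. The `www_clientssl` and `api_clientssl` profiles and their file names are constructed sample data, and the parser assumes the listing keeps the nesting shown above.

```shell
# Constructed sample in the listing format above; the www_/api_ names are made up.
sample_listing() {
cat <<'EOF'
ltm profile client-ssl clientssl {
    cert-key-chain {
        default {
            app-service none
            cert default.crt
            chain none
            key default.key
            passphrase none
        }
    }
}
ltm profile client-ssl www_clientssl {
    cert-key-chain {
        www_example_0 {
            cert www_example.crt
            chain ca_bundle.crt
            key www_example.key
        }
    }
}
ltm profile client-ssl api_clientssl {
    cert-key-chain {
        api_0 {
            cert www_example.crt
            key www_example.key
        }
    }
}
EOF
}
# Reads a listing on stdin; prints "cert profile key chain" for each chain entry.
cert_profile_map() {
    awk '
        $1 == "ltm" && $2 == "profile" && $NF == "{" { profile = $4; depth = 1; next }
        $NF == "{" { depth++                      # track brace nesting
            if ($1 == "cert-key-chain") in_ckc = 1
            else if (in_ckc && depth == 3) v["cert"] = v["key"] = v["chain"] = "none"
            next }
        $1 == "}" {
            if (in_ckc && depth == 3) print v["cert"], profile, v["key"], v["chain"]
            if (depth == 2) in_ckc = 0            # leaving the cert-key-chain block
            depth--; next }
        in_ckc && depth == 3 && $1 ~ /^(cert|key|chain)$/ { v[$1] = $2 }
    '
}
# Prints the profiles whose cert-key-chain references the certificate given as $1.
profiles_using_cert() { cert_profile_map | awk -v want="$1" '$1 == want { print $2 }'; }
```

On the BIG-IP itself, the output of the tmsh command above can be piped into `profiles_using_cert` in place of `sample_listing`.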
    
  • Hello,

     

    Here is another way to see which CERT's have a VIP assigned to them. (VER: 12.1.2)

     

    Step 1. Navigate to the "System" tab File Management / SSL Certificate List

     

    Step 2. Find and choose SSL Cert in question

     

    Step 3. Click on the "Instance" Tab

     

    Step 4. This will show you the VIP the SSL CERT is pointing to.

     

    • Sukesh123456

      Hi Devarsh,

       

      Did you find an answer to this thread? You can find the SSL profile first and then locate the VIP if that is also a need.

       

      So go to the CLI and search for ssl profile first

       

      list ltm profile client-ssl | grep -i -B 10 certname

       

      list ltm profile server-ssl | grep -i -B 10 certname

       

      Now once you find the ssl profile you can find virtual server also similarly.