Forum Discussion
gdoyle
Cirrostratus
CirrostratusLooking to pull report for all SSL Certificates with expiration dates.
All,
I'm trying to see if there is a fast way to pull a report of all SSL certificates and their expiration dates on my Big IP device.
I used the tmsh command cd /; run /sys crypto check-cert, but that only pulls expired certificates.
Is there a better way than manually going through the GUI?
Thanks.
Vijay_ECirrus
(tmos.ltm) list profile client-ssl cert-key-chain(tmos) list sys crypto certOne or both may serve your requirement. Note: 1st command is executed from ltm module.
Andrew_HuskingWe pulled all the cert information from the REST API, has all the information there.
gdoyleWondering if anyone else has any suggestions on this? From what I've been able to find I can only pull the certificates on the Common partition.
arpydaysNimbostratus
In tmsh, if you cd / and add recursive it will look through all partitions,
cd /; list sys crypto recursive cert | grep '^sys\|expiration'cheers
Mchelle_181998the url does not go anywhere
- Jason_Nance
Python example:
!/usr/bin/env python3 import pytz from dateutil.parser import parse from f5.bigip import ManagementRoot mgmt = ManagementRoot('hostname', 'username', 'password') tz = pytz.timezone('America/Chicago') for cert in mgmt.tm.sys.file.ssl_certs.get_collection(): expiration = parse(cert.expirationString) print("Certificate '{}' expires {}".format( cert.fullPath, expiration.astimezone(tz), )) 
rbenford2311Try this
tmsh list sys crypto recursive cert | grep '^sys\|expiration' >> <filename>
SubrunAlong with this list can we filter which SSL Profile / VIP it is using ?
tmsh list sys crypto recursive cert | grep '^sys\|expiration' >> <filename>