
gdoyle
Sep 20, 2016

Looking to pull report for all SSL Certificates with expiration dates.

All,

 

I'm trying to see if there is a fast way to pull a report of all SSL certificates and their expiration dates on my BIG-IP device.

 

I used the tmsh command cd /; run /sys crypto check-cert, but that only pulls expired certificates.

 

Is there a better way than manually going through the GUI?

 

Thanks.

 

  • Try this

    tmsh list sys crypto recursive cert | grep '^sys\|expiration' >> <filename>

     

    • Subrun

      Along with this list, can we filter which SSL Profile / VIP it is using?

       

      tmsh list sys crypto recursive cert | grep '^sys\|expiration' >> <filename>

  • Python example:

    #!/usr/bin/env python3
    
    import pytz
    
    from dateutil.parser import parse
    from f5.bigip import ManagementRoot
    
    # Connect to the BIG-IP management interface (replace the placeholders)
    mgmt = ManagementRoot('hostname', 'username', 'password')
    # Time zone in which to display the expiration dates
    tz = pytz.timezone('America/Chicago')
    
    # Walk every SSL certificate file object and print its expiration
    for cert in mgmt.tm.sys.file.ssl_certs.get_collection():
        expiration = parse(cert.expirationString)
    
        print("Certificate '{}' expires {}".format(
            cert.fullPath,
            expiration.astimezone(tz),
        ))
    
  • In tmsh, if you cd / and add recursive it will look through all partitions,

    cd /; list sys crypto recursive cert | grep '^sys\|expiration'

    cheers

  • gdoyle

    Wondering if anyone else has any suggestions on this? From what I've been able to find I can only pull the certificates on the Common partition.

     

  • (tmos.ltm) list profile client-ssl cert-key-chain

    (tmos) list sys crypto cert

    One or both may serve your requirement. Note: 1st command is executed from ltm module.
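
The grep one-liners in this thread save one header line and one expiration line per certificate. As an added example (not part of any post in the thread), this Python script turns that saved output into a soonest-first expiry report with a warning window. The sample text and certificate names are constructed, and the `expiration <Mon DD HH:MM:SS YYYY> GMT` line layout is an assumption about the tmsh output.

```python
#!/usr/bin/env python3
import sys
from datetime import datetime, timezone

# Constructed sample of what the grep one-liner writes to <filename>.
# Names and dates are made up; the line layout is assumed.
SAMPLE = """\
sys crypto cert /Common/default.crt {
    expiration Jun 16 20:02:17 2026 GMT
sys crypto cert /Common/www.example.com.crt {
    expiration Jan 05 12:00:00 2025 GMT
sys crypto cert /Tenant-A/api.example.com.crt {
    expiration Feb 10 00:00:00 2025 GMT
"""

def parse_report(text):
    """Pair each 'sys crypto cert <name> {' header with its expiration line."""
    certs, name = [], None
    for line in text.splitlines():
        fields = line.split()
        if line.startswith("sys crypto cert ") and len(fields) >= 4:
            name = fields[3]
        elif name and len(fields) >= 5 and fields[0] == "expiration":
            # Drop the trailing "GMT" token and attach UTC explicitly.
            stamp = " ".join(fields[1:5])
            when = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
            certs.append((name, when.replace(tzinfo=timezone.utc)))
            name = None  # never attach a second date to the same cert
    return certs

def expiring(certs, now, warn_days=30):
    """Return (days_left, name, status) tuples, soonest expiry first."""
    rows = []
    for name, when in certs:
        days = (when - now).days
        if when <= now:
            status = "EXPIRED"
        elif days < warn_days:
            status = "WARN"
        else:
            status = "ok"
        rows.append((days, name, status))
    return sorted(rows)

if __name__ == "__main__":
    # Pass the saved file as the first argument, or run on the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for days, name, status in expiring(parse_report(text), datetime.now(timezone.utc)):
        print("{:8} {:6d} days  {}".format(status, days, name))
```

Because the report is sorted by days remaining, expired certificates from every partition appear at the top, followed by those inside the warning window.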