Forum Discussion

Nimbostratus

Jul 19, 2016

Management / KeyCertificate -How to get Certificate Signature Algorithm

Hi , Currently in our organization we are doing SHA1 migration. I have been trying to get Certificate Signature Algorithm(PKCS 1 SHA-1 With RSA Encryption) from the Management::KeyCertificate ge...

Cumulonimbus

Jul 20, 2016

Well, you can do this with iControlREST.

Create a bash script named, say, "check_insecure_sig_algo.sh", with the following code:

!/bin/sh

for i in /config/filestore/files_d/Common_d/certificate_d/*; do
    if openssl x509 -text -noout -in $i | /bin/grep 'Signature Algorithm: sha1' 2>&1 > /dev/null
    then 
            echo $i
    fi
done

and then run the following remotely:

!/bin/sh

OUTPUT="$(curl -k -s -u admin:admin -H "Content-Type: application/json" -X POST https://mgmt_IP_address/mgmt/tm/util/bash -d "{\"command\":\"run\",\"utilCmdArgs\":\"-c '/path/to/check_insecure_sig_algo.sh'\"}" | jq '.commandResult')"

insecure_certs="${OUTPUT%\"}"
insecure_certs="${insecure_certs\"}"
echo "$insecure_certs"

to get a list of the certs with sha1 signature algorithm. You need to download and install jq, though.

Forum Discussion

Management / KeyCertificate -How to get Certificate Signature Algorithm

Recent Discussions

URL

Migration from i series 10200 with 1 child VCMP to r series 10900 series

Azure DP-100 Exam Questions

Deploying F5 WAF in front of Azure Web App Services

What happens if I only enable ASM in BIG-IP Under System > Resource Provisioning

Related Content

Re: Management Certificate

Automating certificate lifecycle management with HashiCorp Vault

Minimizing Security Complexity: Managing Distributed WAF Policies

F5 Venafi Solution for Enterprise Key and Certificate Management

iControl REST Authentication Token Management