For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

access2AE_25064's avatar
access2AE_25064
Icon for Nimbostratus rankNimbostratus
Jul 19, 2016

Management / KeyCertificate -How to get Certificate Signature Algorithm

Hi ,   Currently in our organization we are doing SHA1 migration. I have been trying to get Certificate Signature Algorithm(PKCS 1 SHA-1 With RSA Encryption) from the Management::KeyCertificate ge...
application delivery
BIG-IP
iControl
security
JG's avatar
JG
Icon for Cumulonimbus rankCumulonimbus
Jul 20, 2016

Well, you can do this with iControlREST.

 

Create a bash script named, say, "check_insecure_sig_algo.sh", with the following code:

 

!/bin/sh

for i in /config/filestore/files_d/Common_d/certificate_d/*; do
    if openssl x509 -text -noout -in $i | /bin/grep 'Signature Algorithm: sha1' 2>&1 > /dev/null
    then 
            echo $i
    fi
done

and then run the following remotely:

 

!/bin/sh

OUTPUT="$(curl -k -s -u admin:admin -H "Content-Type: application/json" -X POST https://mgmt_IP_address/mgmt/tm/util/bash -d "{\"command\":\"run\",\"utilCmdArgs\":\"-c '/path/to/check_insecure_sig_algo.sh'\"}" | jq '.commandResult')"

insecure_certs="${OUTPUT%\"}"
insecure_certs="${insecure_certs\"}"
echo "$insecure_certs"

to get a list of the certs with sha1 signature algorithm. You need to download and install jq, though.