Forum Discussion
JG
Jul 20, 2016
Cumulonimbus
Well, you can do this with iControlREST.
Create a bash script named, say, "check_insecure_sig_algo.sh", with the following code:
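```sh
#!/bin/sh
# Print every certificate in the filestore whose signature algorithm starts with sha1.
for i in /config/filestore/files_d/Common_d/certificate_d/*; do
    if openssl x509 -text -noout -in "$i" | /bin/grep 'Signature Algorithm: sha1' > /dev/null 2>&1
    then
        echo "$i"
    fi
done
```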
and then run the following remotely:
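```sh
#!/bin/sh
# Run the script on the remote device through the iControl REST bash utility
# and pull the commandResult field out of the JSON response.
OUTPUT="$(curl -k -s -u admin:admin -H "Content-Type: application/json" -X POST https://mgmt_IP_address/mgmt/tm/util/bash -d "{\"command\":\"run\",\"utilCmdArgs\":\"-c '/path/to/check_insecure_sig_algo.sh'\"}" | jq '.commandResult')"
# Strip the trailing and then the leading double quote that jq leaves on the JSON string.
insecure_certs="${OUTPUT%\"}"
insecure_certs="${insecure_certs#\"}"
echo "$insecure_certs"
```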
to get a list of the certs with sha1 signature algorithm. You need to download and install jq, though.
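
An added example, not part of the original post: the grep pattern above matches only algorithm names that begin with `sha1` (such as `sha1WithRSAEncryption`), so this variant goes further and also flags `ecdsa-with-SHA1`, `dsaWithSHA1` and MD5-based signatures. The function names `weak_sig_algo` and `scan_certs` and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).

# weak_sig_algo: reads `openssl x509 -text -noout` output on stdin.
# Prints the signature algorithm and returns 0 if it is SHA-1 or MD5 based;
# returns 1 otherwise, including when no "Signature Algorithm" line is present.
weak_sig_algo() {
    algo=$(sed -n 's/^[[:space:]]*Signature Algorithm:[[:space:]]*\([^[:space:]]*\).*/\1/p' | head -n 1)
    case $(printf '%s' "$algo" | tr '[:upper:]' '[:lower:]') in
        *sha1*|*md5*) printf '%s\n' "$algo"; return 0 ;;
        *) return 1 ;;
    esac
}

# scan_certs DIR: print "path<TAB>algorithm" for each certificate file in DIR
# with a weak signature. Files openssl cannot parse are reported on stderr
# instead of being silently skipped. Only the first certificate in a file is read.
scan_certs() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if text=$(openssl x509 -text -noout -in "$f" 2>/dev/null); then
            if found=$(printf '%s\n' "$text" | weak_sig_algo); then
                printf '%s\t%s\n' "$f" "$found"
            fi
        else
            echo "skipped (not a parsable certificate): $f" >&2
        fi
    done
}

# Constructed samples of the relevant openssl output line (not from real certificates).
SAMPLE_RSA_SHA1='    Signature Algorithm: sha1WithRSAEncryption'
SAMPLE_ECDSA_SHA1='    Signature Algorithm: ecdsa-with-SHA1'
SAMPLE_RSA_SHA256='    Signature Algorithm: sha256WithRSAEncryption'

for s in "$SAMPLE_RSA_SHA1" "$SAMPLE_ECDSA_SHA1" "$SAMPLE_RSA_SHA256"; do
    if a=$(printf '%s\n' "$s" | weak_sig_algo); then
        echo "weak: $a"
    else
        echo "ok"
    fi
done
```

On the device, `scan_certs /config/filestore/files_d/Common_d/certificate_d` would replace the loop in the first script.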