Forum Discussion

jlarger's avatar
jlarger
Icon for Cirrus rankCirrus
Jun 15, 2023

Piping v15 EXPIRED_CERTIFICATE_IN_USE listing to text from CLI

Loving the expired certificate in use in the GUI. I'd love it even more if I could run that from the GUI for text output. Is that possible? 
application delivery
Expired certificate in use
jlarger's avatar
jlarger
Icon for Cirrus rankCirrus

I am familiar with list sys crypto cert. The key part of my quest is "in use". Those are the ones where we have to chase app owners to renew. 

I can scrape the EXPIRED_CERTIFICATE_IN_USE page, but I'd rather deal with this with crontab and CLI commands to produce periodic text files.

 

Ben_Novak's avatar
Ben_Novak
Icon for Employee rankEmployee
Jun 16, 2023

I agree that is a very important detail.  I would then suggest looking into cleaning up th un-used certs, since they probably serve no purpose.

Paulis's response/article did find some other options with the crypto check-cert utility

K14318: Monitoring SSL certificate expiration on the BIG-IP system

https://my.f5.com/manage/s/article/K14318

 

I would also consider having some sort of syslog server, or SIEM like Splunk to alert whenever the expired cert logs appear.