Forum Discussion
Kirk_51216 (Nimbostratus)
Jan 18, 2012
Powershell list certificates
Hi,
I am trying to list all the details for certificates used in SSL profiles using Powershell.
This is the code I am using:
```powershell
Initialize-F5.iControl -hostname $g_bgip -username $user -password $pass | out-null
$g_ic = Get-F5.iControl
$certs = ($g_ic).ManagementKeyCertificate.get_certificate_list('1');
# mode 1 is used for brevity - there is only 1 MANAGEMENT_MODE_WEBSERVER certificate
write-host $certs.count "Certs"
# this returns a count of 1
$certs|format-list
$cert = $certs.certificate.serial_number;
write-host "Serial number is $cert"
```
$certs|format-list returns
```
is_bundled : False
file_name : /config/httpd/conf/ssl.crt/server.crt
certificate : iControl.ManagementKeyCertificateCertificateDetail
```
$certs.certificate.version does not return anything at all.
I tried using ManagementKeyCertificateCertificateDetail and variations of, in the $certs and $cert variables with no luck.
Can anybody see where I am going wrong?
Thanks.
- Kirk_51216 (Nimbostratus)
Never mind - I figured out it was an indexed array.
```powershell
for($i=0; $i -lt $certs.count; $i++) {
    $certdate = $certs[$i].certificate.expiration_string;
    $certcn = $certs[$i].certificate.subject.common_name;
    write-host "Common Name is $certcn"
    write-host "Expiration date is $certdate"
}
```
- TESTING_32412 (Nimbostratus)
Hi, can you please give the full code you have used? That would help others too.
- Liran_Ben_Abu_2 (Nimbostratus)
Hi, I wrote something with PowerShell that can be used. The script exports the SSL certificates, calculates the expiration date 60 days back and sends the report in a table by email (if you have a mail relay). The script:
```powershell
Add-PSSnapin iControlSnapIn

$f5_VA_1 = "big_ip_address_no1"
$f5_va_3 = "big_ip_address_no2"
$f5_ams_1 = "big_ip_address_no3"
$f5_all = @("$f5_VA_1","$f5_va_3","$f5_ams_1")
$table = $null
$row = $null

# Create the Report Table
# Table
$tabName = "Table"

# Create Table object
$table = New-Object system.Data.DataTable "$tabName"

# Define Columns
$ColumnName1="F5_Name"
$ColumnName2="Object"
$ColumnName3="Status"
$ColumnName4="Action"
$ColumnName5="Error"
$col1 = New-Object system.Data.DataColumn $ColumnName1,([string])
$col2 = New-Object system.Data.DataColumn $ColumnName2,([string])
$col3 = New-Object system.Data.DataColumn $ColumnName3,([string])
$col4 = New-Object system.Data.DataColumn $ColumnName4,([string])
$col5 = New-Object system.Data.DataColumn $ColumnName5,([string])

# Add the Columns
$table.columns.add($col1)
$table.columns.add($col2)
$table.columns.add($col3)
$table.columns.add($col4)
$table.columns.add($col5)
$row = $null

# Create a row
$row = $table.NewRow()
# Enter data in the row
$row.$ColumnName1 = "$f5"
$row.$ColumnName2 = "$certcn"
$row.$ColumnName3 = "$certdate"
$row.$ColumnName4 = "Please Check the Certificate Status"
# Add Row to Table
$table.Rows.Add($row)
$certcn = $null

foreach ($f5 in $f5_all){
    # Big-IP_password is a placeholder, like the addresses above
    Initialize-F5.iControl -Hostname $f5 -username admin -Password Big-IP_password
    $begin = Get-Date -UFormat "%m/%d/%Y"
    $now = (get-date).AddDays(-60)
    $g_ic = Get-F5.iControl
    $ErrorActionPreference = "silentlycontinue"
    $certs = ($g_ic).ManagementKeyCertificate.get_certificate_list('0');
    # -lt rather than -le: the last valid index is count - 1
    for($i=0; $i -lt $certs.count; $i++) {
        $certdate = $certs[$i].certificate.expiration_string;
        $certcn = $certs[$i].certificate.subject.common_name;
        # Keep month, day and year; drop the time field
        $certdate1 = ($certdate -split ' ')[0,1,3]
        $certdate2 = $certdate1[0] +" " + $certdate1[1] +" " + $certdate1[2]
        $certdate3 = [datetime]::ParseExact($certdate2,"MMM dd yyyy",$null)
        $monthdiff = ($certdate3 - [datetime]$begin).TotalDays
        # Get certificates from all F5
        if($monthdiff -le 60 -and $certcn -ne $null){
            $row = $table.NewRow()
            # Enter data in the row
            $row.$ColumnName1 = $f5
            $row.$ColumnName2 = "$certcn"
            $row.$ColumnName3 = "$certdate3"
            $row.$ColumnName4 = "the certificate $certcn will expire in $monthdiff days"
            # Add Row to Table
            $table.Rows.Add($row)
        }
    }
}
$table

# Send Report if Error exist
if ($table -ne $null){
    $Header=$null
    $Header = @"
<style>
TABLE {border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}
TH {border-width: 1px;padding: 3px;border-style: solid;border-color: black;background-color: #6495ED;}
TD {border-width: 1px;padding: 3px;border-style: solid;border-color: black;}
</style>
"@
    $bodytable = $table | select $ColumnName1,$ColumnName2,$ColumnName3,$ColumnName4 | ConvertTo-Html -Head $Header -PreContent $Pre -PostContent $Post
    # only if you have mail relay
    $mailto="mail_address"
    $mailfrom="from where you get mail"
    $smtp="mail_relay_ip"
    # -To takes the $mailto variable, not the literal string "mailto"
    Send-MailMessage -To $mailto -Subject "certificates" -Body "$bodytable" -BodyAsHTML -SmtpServer $smtp -From $mailfrom
}
```
Greetings, Liran Ben-Abu, DevOps Engineer at Perion network LTD.
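Added example, not part of the thread or of any poster's script: the expiry check from the script above as a function that runs offline against constructed objects and does not rely on `silentlycontinue` to hide bad rows. It assumes `expiration_string` has the month/day/time/year layout implied by the `[0,1,3]` split; `Get-ExpiringCertificate`, `New-SampleCert` and the sample values are hypothetical.

```powershell
# Added example, not from the thread. Assumption: expiration_string looks like
# "Mar  5 12:00:00 2025 GMT" (month, day, time, year, zone).
function Get-ExpiringCertificate {
    param(
        [object[]] $Certs,
        [int] $Days = 60,
        [datetime] $AsOf = (Get-Date)
    )
    $culture = [System.Globalization.CultureInfo]::InvariantCulture
    # foreach walks the array that get_certificate_list() returns, so there is
    # no index arithmetic to get wrong.
    foreach ($c in $Certs) {
        $raw = [string]$c.certificate.expiration_string
        # Split on runs of whitespace: a space-padded day ("Mar  5") would
        # otherwise yield an empty element and shift the year out of slot 3.
        $parts = @($raw.Trim() -split '\s+')
        if ($parts.Count -lt 4) {
            Write-Warning "Cannot read expiration for $($c.file_name): '$raw'"
            continue
        }
        $text = '{0} {1} {2}' -f $parts[0], $parts[1], $parts[3]
        $expires = [datetime]::ParseExact($text, 'MMM d yyyy', $culture)
        $left = [int][math]::Floor(($expires - $AsOf.Date).TotalDays)
        # Already-expired certificates have a negative DaysLeft and are reported too.
        if ($left -le $Days) {
            New-Object PSObject -Property @{
                CommonName = $c.certificate.subject.common_name
                File       = $c.file_name
                Expires    = $expires
                DaysLeft   = $left
            }
        }
    }
}

# Constructed sample objects with the property names used in the thread.
function New-SampleCert($cn, $file, $exp) {
    $subject = New-Object PSObject -Property @{ common_name = $cn }
    $detail  = New-Object PSObject -Property @{ expiration_string = $exp; subject = $subject }
    New-Object PSObject -Property @{ file_name = $file; certificate = $detail }
}
$sample = @(
    (New-SampleCert 'www.example.test' '/constructed/www.crt' 'Mar  5 12:00:00 2025 GMT'),
    (New-SampleCert 'api.example.test' '/constructed/api.crt' 'Dec 31 23:59:59 2030 GMT')
)
Get-ExpiringCertificate -Certs $sample -Days 60 -AsOf ([datetime]'2025-02-01') |
    Format-Table CommonName, Expires, DaysLeft -AutoSize
```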
- Red-Erik_144667 (Nimbostratus)
Please put the code in a readable format. Too many HTML chars, so it's really difficult to grab and use it. Thank you very much. Regards. Red.
- Liran_Ben_Abu_2 (Nimbostratus)
Hi Eric, for some reason the HTML chars are showing up also in code format. If you need the code, please go to this URL: https://www.dropbox.com/s/p1ok2sb8jzetr0n/F5%20certificates%20list.ps1?dl=0 Thank you a lot :]