Forum Discussion

Vikneswaran_709's avatar
Vikneswaran_709
Icon for Nimbostratus rankNimbostratus
Nov 29, 2017

Reporting : Virtual Server - SSL Certificate Mapping

I have a requirement to capture the virtual server along with cleint & Server SSL profile details in excel sheet. Please let me know the options to get it in excell-Number of Virtual server configure...
BIG-IP
devops
LTM
Andy_McGrath's avatar
Andy_McGrath
Icon for Cumulonimbus rankCumulonimbus
Dec 01, 2017

So pulled together a quick python 2.x script you can run directly on your F5 from Bash.

It will output commented list of Virtual Server Name, Client SSL Profiles, Server SSL Profiles (SSL Profiles will be a spaced list)

Save the following script to a file on your F5 e.g. name the file ssl_profile.py, then run with the following:

python ssl_profile.py > output.csv

The outputted file output.csv will be a basic file containing the info you need.

HUGE NOTE: this is doing a very basic string compare so expect faults positives if you have overlapping profile names. I got the default profiles clientssl and serverssl listed in almost every virtual server as all the SSL Profiles contain one of these in their name.

Script is as follows, hope it helps. If it does help please up vote my answer 😄

!/usr/bin/python
import subprocess
import re

def get_partitions(output):
    return [line for line in
            [re.sub(r'auth partition | {0,}\{| {0,}\}|descri.*', '', line.strip()) for line in output.splitlines()]
            if line]
    
def run_command(cmd):
    process = subprocess.Popen(cmd.split(), stdout=subprocess.PIPE)
    output, error = process.communicate()
    if not error:
        return output
    
def get_client_ssl_profiles(partition):
    for line in run_command('tmsh list ltm profile client-ssl /'+partition+'/* one-line').splitlines():
        reClientSslProfile = re.search(r'^ltm profile client-ssl (.*?) ', line)
        if reClientSslProfile:
            yield reClientSslProfile.group(1)

def get_server_ssl_profiles(partition): 
    for line in run_command('tmsh list ltm profile server-ssl /'+partition+'/* one-line').splitlines():
        reServerSslProfile = re.search(r'^ltm profile server-ssl (.*?) ', line)
        if reServerSslProfile:
            yield reServerSslProfile.group(1)
            
def get_virutalservers(partition): 
    for line in run_command('tmsh list ltm virtual /'+partition+'/* one-line').splitlines():
        reVS = re.search(r'^ltm virtual (.*?) ', line)
        if reVS:
            yield reVS.group(1)
            
def ssl_profile_used_by_vs(vs, sslProfile):
    return sslProfile in run_command('tmsh list ltm virtual '+vs+' one-line')

def printCSV(vsDist):
    print('Virtual Server, Client SSL, Server SSL')
    for k, v in vsDist.items():
        print k + ', ',
        print ' '.join(v['clientssl'])+', ',
        print ' '.join(v['serverssl'])+', '

if __name__ == "__main__":
    clientSslProfiles = []
    serverSslProfiles = []
    virtualServers = {}
    partitions = get_partitions(run_command('tmsh list auth partition'))
    for partition in partitions:
        for profile in get_client_ssl_profiles(partition):
            clientSslProfiles.append(profile)
        for profile in get_server_ssl_profiles(partition):
            serverSslProfiles.append(profile)
        for vs in get_virutalservers(partition):
            virtualServers[vs] = {'clientssl': [], 'serverssl': []}
            
    for vs in virtualServers.keys():
        vsCmd = run_command('tmsh list ltm virtual '+vs+' one-line')
        virtualServers[vs]['clientssl'] = [profile for profile in clientSslProfiles if profile in vsCmd]
        virtualServers[vs]['serverssl'] = [profile for profile in serverSslProfiles if profile in vsCmd]
    
    printCSV(virtualServers)