Forum Discussion
Mayank_Shukla
Altostratus
Altostratusssl cert list via CLI
In LTM 11.5.3 ; how can we capture all ssl cert list along with their expiry date via CLI.
firstmode
Nimbostratus
Nimbostratusrun sys crypto check-cert verbose enabled
list sys crypto cert all
list sys file ssl-cert all-properties
Device Service Clustering (DSC): The BIG-IP system uses SSL certificates to establish a trust relationship between devices. In a device trust, a BIG-IP device can act as a certificate signing authority or a subordinate non-authority.
/config/ssl/ssl.crt/dtdi.crt Device Management > Device Trust > Identity The dtdi.crt is the identity certificate that is used by a device to validate its identity with another device.
/config/ssl/ssl.crt/dtca.crt Device Management > Device Trust > Local Domain The dtca.crt is the CA root certificate for the trust network.
Configuration utility: Device certificates: The BIG-IP system uses the device certificates for HTTPS connections to the Configuration utility and device-to-device communication processes.
/config/httpd/conf/ssl.crt/server.crt BIG-IP 13.0.0 and later: System > Certificate Management > Device Certificate Management > Device Certificate BIG-IP versions prior to 13.0.0: System > Device Certificates > Device Certificate The server.crt is a certificate used for HTTPS connections to the Configuration utility and device-to-device communication processes.
Trusted device certificates: The local BIG-IP device uses trusted device certificates to authenticate certain connections from a remote BIG-IP device. For example, the big3d agent of the local BIG-IP DNS or BIG-IP LTM system uses the trusted device certificate obtained from a remote F5 device to authenticate the remote device's gtmd or iqdump requests.
/config/big3d/client.crt BIG-IP 13.0.0 and later: System > Certificate Management > Device Certificate Management > Device Trust Certificates BIG-IP versions prior to 13.0.0: System > Device Certificates > Trusted Device Certificates The local BIG-IP device uses the trusted device certificates to authenticate certain connections from a remote BIG-IP device.
Trusted server certificates: The BIG-IP GTM system uses trusted server certificates when the local BIG-IP DNS system authenticates itself to a remote F5 device. For example, the local BIG-IP DNS system uses the trusted server certificate when the BIG-IP DNS system's gtmd process or iqdump program attempts to connect to the big3d process on a remote F5 device.
/config/gtm/server.crt BIG-IP 11.5.0 and later: DNS > GSLB > Servers > Trusted Server Certificates BIG-IP versions prior to 11.5.0: Global Traffic > Servers The trusted server certificates are used when the local GTM system authenticates itself to a remote F5 device.
Client SSL profile:
https://devcentral.f5.com/s/question/0D51T00006i7kIi/identify-which-virtual-servers-are-using-a-specific-ssl-certificate
certificate /config/filestore/files_d/<partition>_d/certificate_d/ /config/filestore/files_d/Common_d/certificate_d/