Jazz
Aug 10, 2022

SSL-Cert

How can I verify whether an SSL cert is being used or not through a CLI command?

  • Hi Jazz,

    Can you try the commands below to list the unused ssl certificates in the client-ssl profile?

    cd /var/tmp
    tmsh list ltm profile client-ssl | grep -E "            cert|            chain" | awk '{print $2}' | sort -u > a.txt
    tmsh list sys file ssl-cert | grep ssl-cert | awk '{print $4}' | sort -u > b.txt
    diff a.txt b.txt | grep ">" | awk '{print $2}'

     

    • Jazz

      When I try to execute the command, it gives the following error message. Your further help is required.


      Syntax Error: "awk", grep is currently the only filter that is supported

  • Hi Jazz,

    If you execute the commands in tmos, you will get this error. Can you run it in bash?

    • Jazz

      Yes, thanks, the command executes in bash mode. But it only provides the client and server cert details. What if we require the overall active cert summary of the box, like SAML and others? Can you please guide me in this respect as well?

      tmsh list ltm profile client-ssl | grep -E "cert | chain" | awk '{print $2}' | sort -u > a.txt

      tmsh list ltm profile server-ssl | grep -E "cert | chain" | awk '{print $2}' | sort -u > a.txt

      The second one is not working and gives an error message:

      tmsh list sys file ssl-cert | grep ssl-cert | awk '{print $4}' | sortexit -u > b.txt diff a.txt b.txt | grep ">" | awk '{print $2}'

  • Hi Jazz,

    cd /var/tmp
    
    # Certificates bound to LTM SSL profiles ('>' starts a fresh list on every run)
    tmsh list ltm profile | grep -E "            cert|            chain" | awk '{print $2}' | sort -u > templist.txt
    
    # Certificates bound in APM (appended to the same list)
    tmsh list apm | grep -E "sp-certificate|sp-decryption-cert|idp-certificate" | awk '{print $2}' | sort -u >> templist.txt
    
    # SSL certificates installed on the F5
    tmsh list sys file ssl-cert | grep ssl-cert | awk '{print $4}' | sort -u > certlist.txt
    
    # De-duplicated list of bound certificates
    cat templist.txt | sort -u > bindedlist.txt
    
    # Installed certificates that are not in the bound list
    diff bindedlist.txt certlist.txt | grep ">" | awk '{print $2}'
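
Added example, not part of any post in this thread: the same installed-minus-referenced comparison written as shell functions that read saved listing text, so the logic can be checked offline before anything is deleted. The function names, the `example-object` placeholder and the sample listings are constructed and simplified; only the key names and the `sys file ssl-cert` header layout come from the commands above.

```shell
# Added example; the sample listings in demo() are constructed, not device output.
export LC_ALL=C   # sort and comm must agree on ordering

# Values of lines whose first field is exactly one of the keys used in the thread.
# Exact matching skips lines such as "cert-key-chain {"; "none" is not a certificate.
referenced_certs() {
    awk '$1 ~ /^(cert|chain|sp-certificate|sp-decryption-cert|idp-certificate)$/ &&
         $2 != "none" { print $2 }' | sort -u
}

# Names taken from "sys file ssl-cert NAME {" header lines only.
installed_certs() {
    awk '$1 == "sys" && $2 == "file" && $3 == "ssl-cert" { print $4 }' | sort -u
}

# unused_certs CONFIG_LISTING CERT_LISTING: installed names that nothing references.
unused_certs() {
    tmp=$(mktemp -d) || return 1
    referenced_certs < "$1" > "$tmp/referenced"
    installed_certs  < "$2" > "$tmp/installed"
    comm -13 "$tmp/referenced" "$tmp/installed"   # lines only in the second file
    rm -rf "$tmp"
}

# Runs the comparison on constructed stand-ins for the saved tmsh listings.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/config.txt" <<'EOF'
ltm profile client-ssl app_clientssl {
    cert-key-chain {
        app_0 {
            cert app.example.crt
            chain intermediate-ca.crt
        }
    }
}
ltm profile server-ssl app_serverssl {
    cert none
}
apm example-object demo_sp {
    sp-certificate saml-sp.crt
}
EOF
    cat > "$d/certs.txt" <<'EOF'
sys file ssl-cert app.example.crt {
sys file ssl-cert intermediate-ca.crt {
sys file ssl-cert old-site.crt {
sys file ssl-cert saml-sp.crt {
EOF
    unused_certs "$d/config.txt" "$d/certs.txt"
    rm -rf "$d"
}
```

To use it on a device, save the output of `tmsh list ltm profile` and `tmsh list apm` into one file and `tmsh list sys file ssl-cert` into another from bash, then pass both files to `unused_certs`.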