SSL Certificate Report

Question

We are trying to run a report using Powershell to identify the certificates we have when they expire and what VIP the SSL profile is tied to.  We have gotten the parts of listing the certificates and identifying the expiration date.  Where we are stuck at is listing that shows the  SSL profile is being us by this VIP.  This give us a way to audit the certificates are being used and then make a plan for them being updated.  Any one have any ideas how we could do this?  Thanks.&nbsp;
Joe&nbsp;

mhite_60883 · Answer

There aren't any API calls that do exactly what you want. You have to piece the data together yourself. For example, grab the list of all certificates. Then grab the list of all SSL profiles. Then grab the list of certificates associated with each profile. Then grab then the list of all virtual servers. Then grab what profiles are associated with virtual servers... etc. etc. Then you have to piece all that together into a report. ;)

nitish_sk_13577 · Answer

Joe ,&nbsp;
They are some excellent tools in the market that help you achieve this as well. &nbsp;

mhite_60883 · Answer

Roughly speaking, the psuedo code is something like this:

- Set recursive query state to enabled
- Switch to / folder
- Retrieve certificate list using Management.KeyCertificate.get_certificate_list()
- Retrieve virtual server list using LocalLB.VirtualServer.get_list()
- Retrieve virtual server profile list of virtual servers retrieved in previous step using LocalLB.VirtualServer.get_profile(()
- Retrieve client SSL profiles using LocalLB.ProfileClientSSL.get_list()
- Retrieve certificate associated with client SSL profiles using LocalLB.ProfileClientSSL.get_certificate_file_v2()

With the above information, you now have enough information to form the proper data relationships and generate a report. There's a bit of data mangling you'll need to do on your own to create the required associations, but it's doable.

goyogi · Answer

What are the tools that you know of?  I know of Venafi, though it's a bit pricey as it's feature rich.

matt_59095 · Answer

Ridiculous that this isn't part of the native GUI.  At least give me a column alongside my list of virtual servers, so that i can eyeball this, if nothing else.  Poorly designed front end w lack of tools to properly manage everything, and keep everything clean.  Buy a tool to tell you what virtual servers are associated with an ssl profile?  What?  We're just supposed to know, or do a lot of homework or manual reporting (or buy a tool)?  You're not making enough money off of us on maintenance to make these sort of enhancements and make a better product?  Phhhhh.  All the money goes to semi useful sales gimmicks, or useful to small segments of users, instead of making improvements to the base product, that should have been made long ago.  &nbsp;
Plenty of time for this to be built into the GUI as a report.&nbsp;

Forum Discussion

SSL Certificate Report

5 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Same LTM Monitor applied to different Pools with Common Nodes

irule execution error

F5 AWAF/ASM learning only from Trusted traffic?

OWA File Upload URIs for WAF Bypass

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

Related Content

SSL Certificate Report

F5 Threat Report - November 26th, 2025

F5 Threat Report - November 19th, 2025

F5 Threat Report - December 10th, 2025

F5 Threat Report - October 1st, 2025

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS