SSL certificates Expiration

Question

I run below SSL expiration certifiacate script on LTM with 11.x version 
! /bin/bash
set acceptable threshold in seconds (172800 seconds = 2 days)
threshold=185920000
get today's date
this_date=date +%s
set path to certificates
cert_path=/config/ssl/ssl.crt/
for f in $cert_path*.crt
do
    this_cert_date_literal=openssl x509 -in $f -noout -enddate |sed s/notAfter=//
    this_cert_date=date -d "$this_cert_date_literal" +%s
if [ $this_date -ge $(($this_cert_date - $threshold)) ]
then
    expires_when=$(((this_cert_date - $this_date) / 60 / 60 / 24))
    echo "$f is about to expire in $expires_when days"

additional processing for expiring certs goes here 
fi

done
But get no output as such.Please suggest.

mimlo_61970 · Answer

The certs were moved in version 11, they are no longer in /config/ssl/ssl.crt.&nbsp;
I believe they are now in now in /config/filestore, but a better way is probably to use tmsh to do this&nbsp;
http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14318.html&nbsp;

kevin_stewart · Answer

Assuming you're referring to this post:&nbsp;
https://devcentral.f5.com/questions/how-to-alert-before-ssl-certificate-expire&nbsp;
Use the first script posted. The second example (what you have above) is for 10.x.&nbsp;

Forum Discussion

SSL certificates Expiration

2 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

Updating SSL Certificates on BIG-IP using REST API

LTM Certificate expire

Automating Certificate Management on F5 BIG-IP

SSL Cert expiration Tracker

Implementing SSL Orchestrator - Certificate Considerations

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS