Forum Discussion

Nandhi's avatar
Nandhi
Icon for Cirrus rankCirrus
Jun 16, 2023

Thumbprint of the client ssl certificate

Hello Everyone, is there any bash or tmsh command to get thumbprint value of the big-ip client ssl certificate? Thanks
  • Paulius's avatar
    Paulius
    Jun 19, 2023

    Nandhi It is important to know if you would like to know these fingerprints for the GUI SSL cert of the Client SSL Profile because they are in different directories. Without knowing which the following are the two different paths assuming you are using the default partition on it as well. You can find those by logging into the CLI of the F5, then into the linux shell by typing "bash", and finally going to the following path and running the command below that.

    *** Client SSL Profile directory ***
    /config/filestore/files_d/Common_D/certificate_d/
    *** F5 GUI SSL Cert directory ***
    /config/httpd/conf/ssl.crt/

    *** Client SSL Profile ***
    openssl x509 -noout -fingerprint -sha256 -inform -pem -in \:Common\:example.com
    openssl x509 -noout -fingerprint -sha1 -inform -pem -in \:Common\:example.com
    *** F5 GUI SSL ***
    openssl x509 -noout -fingerprint -sha256 -inform -pem -in server.crt
    openssl x509 -noout -fingerprint -sha1 -inform -pem -in server.crt