Forum Discussion

MichellePhipps
Aug 17, 2020

tmsh command to list only certs by issuer

I'm trying to get a list of all self-signed certificates, or certificates by issuer, installed on all partitions that will expire in 30 days.

These are the other commands that I use:

tmsh list sys file ssl-cert all-properties > /shared/SSLreports/tmshssl.txt

tmsh run /sys crypto check-cert

tmsh list sys file ssl-cert expiration-string

  • Dario_Garrido
    Aug 31, 2020

    Hello Michelle.

    Expiration-date is a timestamp, not a date.

    # date -d @1638964800
    Wed Dec  8 13:00:00 CET 2021

    You can use 'expiration-string' instead.

    # tmsh list sys file ssl-cert expiration-string

    Please, don't forget to mark the answer as the best to help other people to find it.

    Regards,

    Dario.

  • Hello Michelle.

    You can check all partitions with a command similar to this:

    tmsh -q -c "cd / ; list sys file recursive ssl-cert issuer subject expiration-date"

    If you need something else, you can tune this previous command or modify the output using some BASH engineering.

    Regards,

    Dario.

  • Thanks, that works great. So what if I want to narrow it down to a specific issuer, like CN=wmroot for self-signed? I've tried common name or CN but they are not accepted.

    • Dario_Garrido

      Some bash engineering...

      # tmsh -q -c "cd / ; list sys file ssl-cert recursive one-line" | grep -e "CN=localhost" | awk '{print$4}' | xargs -I {} tmsh -c "cd / ; list sys file ssl-cert {} issuer subject expiration-date"

      Note: replace "CN=localhost" with your "CN=<your-cn>"

      Regards,

      Dario.
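
The filtering asked about in this thread (certificates from one issuer, or self-signed ones, that expire within 30 days), as an added example that is not part of the original posts. It assumes the one-line record layout shown in the constructed sample, with `expiration-date` in epoch seconds; the function names `certs_expiring` and `sample_certs` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example. Assumed input: one certificate per line, as printed by
#   tmsh -q -c "cd / ; list sys file ssl-cert recursive one-line"
# with issuer and subject quoted and expiration-date in epoch seconds.

# certs_expiring ISSUER_SUBSTRING DAYS [NOW_EPOCH]
# Reads one-line records on stdin and prints, tab-separated:
#   name, expiration-date (epoch), "self-signed" or "ca-issued", issuer
# for certificates that expire within DAYS (already expired ones included).
# Pass the literal word "self-signed" as ISSUER_SUBSTRING to select
# certificates whose issuer equals their subject.
certs_expiring() {
    local want="$1" days="$2" now="${3:-$(date +%s)}"
    awk -v want="$want" -v limit="$((now + days * 86400))" '
        # Return the value that follows " key " on the line; quoted values
        # may contain spaces, unquoted ones end at the next space.
        function field(line, key,    i, rest, j) {
            i = index(line, " " key " ")
            if (i == 0) return ""
            rest = substr(line, i + length(key) + 2)
            if (substr(rest, 1, 1) == "\"") {
                rest = substr(rest, 2)
                j = index(rest, "\"")
            } else {
                j = index(rest, " ")
            }
            return (j > 0) ? substr(rest, 1, j - 1) : rest
        }
        $1 == "sys" && $2 == "file" && $3 == "ssl-cert" {
            expiry = field($0, "expiration-date")
            iss = field($0, "issuer")
            kind = (iss != "" && iss == field($0, "subject")) ? "self-signed" : "ca-issued"
            if (expiry + 0 == 0 || expiry + 0 > limit) next   # outside the window
            if (want == "self-signed") { if (kind != want) next }
            else if (index(iss, want) == 0) next              # issuer field only
            printf "%s\t%s\t%s\t%s\n", $4, expiry, kind, iss
        }'
}

# Constructed sample records (not real output from any device).
sample_certs() {
    cat <<'EOF'
sys file ssl-cert Common/default.crt { expiration-date 1600000000 issuer "CN=localhost.localdomain,O=MyCompany" subject "CN=localhost.localdomain,O=MyCompany" }
sys file ssl-cert Common/www.crt { expiration-date 1600500000 issuer "CN=wmroot,O=Example" subject "CN=www.example.test,O=Example" }
sys file ssl-cert PartA/api.crt { expiration-date 1700000000 issuer "CN=wmroot,O=Example" subject "CN=api.example.test,O=Example" }
EOF
}
```

On a BIG-IP the input would come from the `tmsh ... one-line` command above piped into `certs_expiring "CN=wmroot" 30`. Unlike a grep over the whole line, the match is made against the issuer field only, so a certificate whose subject happens to contain the same CN is not reported.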

  • So when looking into the file, the expiry date comes up as expiration-date 1638964800 instead of the actual date Dec 8 2021 12:00:00 GMT.
