Forum Discussion

MichellePhipps's avatar
MichellePhipps
Icon for Nimbostratus rankNimbostratus
Aug 17, 2020

tmsh comand to list only certs by issuer

I'm trying to get a list of all self signed certificate or by issuer installed on all partitions that will expire in 30 days

 

These are the other command that I use:

tmsh list sys file ssl-cert all-properties > /shared/SSLreports/tmshssl.txt

tmsh run /sys crypto check-cert

tmsh list sys file ssl-cert expiration-string

 

 

  • Dario_Garrido's avatar
    Dario_Garrido
    Aug 31, 2020

    Hello Michelle.

    Expiration-date is a timestamp not a date.

    # date -d @1638964800 
    Wed Dec  8 13:00:00 CET 2021

    You can use 'expiration-string' instead.

    # tmsh list sys file ssl-cert expiration-string

    Please, don't forget to mark the answer as the best to help other people to find it.

    Regards,

    Dario.

  • So when looking into the file the expiry date comes up as expiration-date 1638964800 instead of the actual date Dec 8 2021 12:00:00 GMT

    • Dario_Garrido's avatar
      Dario_Garrido
      Icon for MVP rankMVP

      Hello Michelle.

      Expiration-date is a timestamp not a date.

      # date -d @1638964800 
      Wed Dec  8 13:00:00 CET 2021

      You can use 'expiration-string' instead.

      # tmsh list sys file ssl-cert expiration-string

      Please, don't forget to mark the answer as the best to help other people to find it.

      Regards,

      Dario.

  • Thanks that works great. So if I want to narrow it down to a specific issuer like for self signed CN=wmroot. I've tried common name or CN but they are not accepted.

    • Dario_Garrido's avatar
      Dario_Garrido
      Icon for MVP rankMVP

      Some bash engineering...

      # tmsh -q -c "cd / ; list sys file ssl-cert recursive one-line" | grep -e "CN=localhost" | awk '{print$4}' | xargs -I {} tmsh -c "cd / ; list sys file ssl-cert {} issuer subject expiration-date"

      Note: replace "CN=localhost" with your "CN=<your-cn>"

      Regards,

      Dario.

  • Hello Michelle.

    You can check all partitions with a command similar to this:

    tmsh -q -c "cd / ; list sys file recursive ssl-cert issuer subject expiration-date"

    If you need something else, you can tune this previous command or modify the output using some BASH engineering.

    Regards,

    Dario.