Forum Discussion
tmsh comand to list only certs by issuer
I'm trying to get a list of all self signed certificate or by issuer installed on all partitions that will expire in 30 days
These are the other command that I use:
tmsh list sys file ssl-cert all-properties > /shared/SSLreports/tmshssl.txt
tmsh run /sys crypto check-cert
tmsh list sys file ssl-cert expiration-string
Hello Michelle.
Expiration-date is a timestamp not a date.
# date -d @1638964800 Wed Dec 8 13:00:00 CET 2021
You can use 'expiration-string' instead.
# tmsh list sys file ssl-cert expiration-string
Please, don't forget to mark the answer as the best to help other people to find it.
Regards,
Dario.
- MichellePhippsNimbostratus
Great!! thanks
- MichellePhippsNimbostratus
So when looking into the file the expiry date comes up as expiration-date 1638964800 instead of the actual date Dec 8 2021 12:00:00 GMT
Hello Michelle.
Expiration-date is a timestamp not a date.
# date -d @1638964800 Wed Dec 8 13:00:00 CET 2021
You can use 'expiration-string' instead.
# tmsh list sys file ssl-cert expiration-string
Please, don't forget to mark the answer as the best to help other people to find it.
Regards,
Dario.
- MichellePhippsNimbostratus
Thanks that works great. So if I want to narrow it down to a specific issuer like for self signed CN=wmroot. I've tried common name or CN but they are not accepted.
Some bash engineering...
# tmsh -q -c "cd / ; list sys file ssl-cert recursive one-line" | grep -e "CN=localhost" | awk '{print$4}' | xargs -I {} tmsh -c "cd / ; list sys file ssl-cert {} issuer subject expiration-date"
Note: replace "CN=localhost" with your "CN=<your-cn>"
Regards,
Dario.
Hello Michelle.
You can check all partitions with a command similar to this:
tmsh -q -c "cd / ; list sys file recursive ssl-cert issuer subject expiration-date"
If you need something else, you can tune this previous command or modify the output using some BASH engineering.
Regards,
Dario.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com