tmsh or web - report of sha1 certs

Question

Does anybody know of a way to identify ssl certs based on type.  I want to identify all of my certs which are still sha1.  I tried googling and searching f5 dev.  I didn't find anything.  I found a tmsh command which will list my ssl certs.&nbsp;
tmsh list ltm profile client-ssl test-ssl&nbsp;

kevin_stewart · Answer

The TMSH commands won't give you all of the additional details I think you're looking for. And by the way you'd use something like this:
tmsh list sys crypto cert all

A much more detailed option might be to use OpenSSL. Something like this:
for f in `ls -b /config/filestore/files_d/Common_d/certificate_d/`; do openssl x509 -noout -text -in /config/filestore/files_d/Common_d/certificate_d/$f; done

This will dump the x509 details of each certificate in the Common partition. You can optionally manipulate this to grep/awk for specific information instead of everything.

Forum Discussion

tmsh or web - report of sha1 certs

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

UCS Encryption Question

Unblock Request WAF

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

VIP in https that redirect to another vip in https

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

F5 Threat Report - November 26th, 2025

F5 Threat Report - November 19th, 2025

F5 Threat Report - December 10th, 2025

F5 Threat Report - October 1st, 2025

CIS F5 Benchmark Reporter

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS