Forum Discussion
tmsh script to change SSL cert
I have a lot of virtuals that use the same cert which is now potentially compromised, wondering if anyone has a tmsh script to change them all at once. I can pretty easily create a file with all the names in it or have a command run to grep the names out to feed through a loop. Just wondering the command if I did that.
I have been playing with modify ltm virtual name_of_virtual, then when you get to changing the properties it seems to get a little fishy. Don't want to do these by hand. Thought about editing the bigip.conf file and doing a find and replace (haven't ruled that out entirely yet), but a script that does it as a loop might be nice to have.
Thanks
Joe
3 Replies
- uni
Altocumulus
I feel your pain. The syntax is pretty awful when you are replacing one element of a collection. I have ended up listing all the virtuals, editing the list with a text editor, then merging it back in (load sys config merge).
You are going to have the same issue when the cert expires too. I try to have one client-ssl profile per certificate. If you need variants, make them descendants of that one.
- uni
Altocumulus
Now that I am in front of my computer, here is the syntax you need:
tmsh modify ltm virtual my-vs profiles delete { old-clientssl } profiles add { new-clientssl }
Here is a bash one-liner which will replace profiles "old-clientssl" with "new-clientssl" in all virtuals in /Common:
tmsh list ltm virtual one-line|grep old-clientssl|cut -d' ' -f3| xargs -I_ -n1 tmsh modify ltm virtual _ profiles delete { old-clientssl } profiles add { new-clientssl }
Run this at your own risk. I suggest you change the last "tmsh" to "echo" to test it first.
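A dry-run variant of the one-liner above, added here as an example and not posted by anyone in the thread: it prints the modify commands for review instead of running them, and it matches the profile name as a whole token inside the profiles block, so a virtual using "old-clientssl-legacy" or one that only mentions the name in its description is not touched. The function names and the sample listing are constructed, and the layout of the `one-line` output is assumed from the command in the reply.

```bash
#!/usr/bin/env bash
# Added example: plan a client-ssl profile swap as a reviewable command list.

# Constructed sample of `tmsh list ltm virtual one-line` output (not from a real device).
sample_config() {
cat <<'EOF'
ltm virtual vs-app1 { destination 10.0.0.10:https pool pool-app1 profiles { http { } old-clientssl { context clientside } tcp { } } }
ltm virtual vs-app2 { destination 10.0.0.11:https profiles { old-clientssl-legacy { context clientside } tcp { } } }
ltm virtual vs-app3 { description "uses old-clientssl" destination 10.0.0.12:http profiles { http { } tcp { } } }
ltm virtual vs-app4 { destination 10.0.0.13:https profiles { old-clientssl { context clientside } tcp { } } }
EOF
}

# plan_profile_swap OLD NEW  (hypothetical helper name)
# Reads one-line virtual listings on stdin and prints one tmsh command per
# virtual whose profiles block contains OLD as an exact profile name.
plan_profile_swap() {
  local old="$1" new="$2"
  awk -v old="$old" -v new="$new" '
    $1 == "ltm" && $2 == "virtual" {
      inprof = 0; depth = 0; found = 0
      for (i = 4; i <= NF; i++) {
        # Start tracking braces only once the profiles block opens.
        if (!inprof) {
          if ($i == "profiles" && $(i + 1) == "{") inprof = 1
          continue
        }
        if ($i == "{") depth++
        else if ($i == "}") { depth--; if (depth == 0) break }
        # depth 1 = directly inside profiles { ... }: tokens here are profile names.
        else if (depth == 1 && $i == old) found = 1
      }
      if (found)
        printf "tmsh modify ltm virtual %s profiles delete { %s } profiles add { %s }\n", $3, old, new
    }'
}

# Demo on the constructed sample. On a BIG-IP, feed the real listing instead:
#   tmsh list ltm virtual one-line | plan_profile_swap old-clientssl new-clientssl > plan.sh
sample_config | plan_profile_swap old-clientssl new-clientssl
```

Review the generated file, then run it with bash; the printed commands use the same tmsh syntax as the reply.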
- sundogbrew
Altocumulus
Uni,
Thanks so much! I tested this out on my backup and it seems to do exactly what I need. Now I just need to schedule it on the primary!
Thanks
Joe