Forum Discussion

El-Guapo_29797
Oct 28, 2013

Which Virtual Contents are associated with which SSL CERT

Is there a way to see which VIPS are using a certain SSL CERT?

 

8 Replies

  • Not sure I exactly follow, but the subject or subject alt name in a server certificate should match the HTTP::host value requested by the user.

     

  • As usual, thank you Kevin for trying to help. We have many contents. One of the certs is expiring and I need to change it, but before I change it, I'd like to know which contents point to this particular cert so that I can notify the server admin that I am replacing the old cert with a new one. At this point, I have to click on every virtual content to see which content is using this particular cert. I am sure, via BigPIPE or tmsh, there is a way I can see how many and which contents are associated with a particular SSL client certificate. Thank you.

     

  • Okay, if you want to find which client SSL profile(s) a certificate belongs to:

    tmsh list / ltm profile client-ssl one-line | grep [name of certificate]
    

    If you then want to see which virtual servers have this client SSL profile applied:

    tmsh list / ltm virtual one-line |grep [name of client SSL profile]
    
  • Kevin: you rule, man. Thank you so much. I will try tomorrow at work. God bless you.

     

    • Mchelle_181998

      I have tried the above command and all I get is Syntax Error: unexpected argument "tmsh"

       

  • Just for those who are not that sure how to do what Kevin said to do. We are trying to find which virtual servers are associated with a specific SSL certificate. Log in to tmsh via SSH.

     

    username@(name-of-f5-ltm)(cfg-sync In Sync)(Active)(/Common)(tmos)

     

    If you are using multiple partitions like I am, cd to that partition via:

     

    cd /your-partition-name

     

    Now run the following command by Kevin to get a list of all virtual servers using the SSL name. (Important note: you should not use the name of the SSL cert; rather, via the GUI, go to "profiles: SSL: Client" and use the name you gave the profile. Note: you may have given the profile and the SSL cert the same name.)

     

    list / ltm virtual one-line |grep profile-ssl-name

     

    Now you should have all the virtual servers that are using this SSL cert profile name, so that you know which and how many virtual servers are going to be affected prior to your modifications to the new cert. This should generate something like below (the SSL client profile name I am searching for is "telecom.com2015"):

     

    ltm virtual telecom.com_https { description "john doe" destination 10.1.1.5:https ip-protocol tcp mask 255.255.255.255 partition DMZ1 pool telecom.com_pool profiles { /Common/tcp { } /Common/telecom.com2015 { context clientside } } vlans-disabled }

     

    On the last line you see /Common/telecom.com2015... You would see more lines if you were using the same cert on more virtual servers, but here I can see only ltm virtual telecom.com_https is using this cert.
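
The two-step lookup from the replies above (certificate to client SSL profiles, then profiles to virtual servers), as an added example that is not part of the original thread. It matches names exactly instead of with `grep`, where `.` matches any character and a name such as `telecom.com2015-old` would also hit. The function names and the sample listings (including their field layout) are constructed assumptions; on a BIG-IP you would pipe the real one-line listings into the functions.

```bash
#!/usr/bin/env bash
# Constructed sample listings; the one-line field layout here is an assumption.
SAMPLE_PROFILES='ltm profile client-ssl telecom.com2015 { cert telecom.com2015.crt key telecom.com2015.key defaults-from clientssl }
ltm profile client-ssl telecom.com2015-old { cert telecom.com2014.crt key telecom.com2014.key defaults-from clientssl }
ltm profile client-ssl shop_ssl { cert telecom.com2015.crt key telecom.com2015.key defaults-from clientssl }'
SAMPLE_VIRTUALS='ltm virtual telecom.com_https { destination 10.1.1.5:https ip-protocol tcp pool telecom.com_pool profiles { /Common/tcp { } /Common/telecom.com2015 { context clientside } } vlans-disabled }
ltm virtual legacy_https { destination 10.1.1.6:https ip-protocol tcp pool legacy_pool profiles { /Common/tcp { } /Common/telecom.com2015-old { context clientside } } }
ltm virtual shop_https { destination 10.1.1.7:https ip-protocol tcp pool shop_pool profiles { /Common/http { } /Common/shop_ssl { context clientside } /Common/tcp { } } }
ltm virtual plain_http { destination 10.1.1.8:http ip-protocol tcp pool telecom.com2015 profiles { /Common/http { } /Common/tcp { } } }'

# Print client SSL profiles (listing on stdin) whose "cert" value is exactly $1.
profiles_for_cert() {
  awk -v cert="$1" '$1 == "ltm" && $2 == "profile" {
    name = $4; sub(/^.*\//, "", name)            # drop any /Partition/ prefix
    for (i = 6; i <= NF; i++) {
      t = $i; sub(/^.*\//, "", t)
      if ($(i-1) == "cert" && t == cert) { print name; next }
    }
  }'
}

# Print virtual servers (listing on stdin) whose profiles { } block lists exactly $1.
virtuals_for_profile() {
  awk -v prof="$1" '$1 == "ltm" && $2 == "virtual" {
    inprof = 0; depth = 0
    for (i = 4; i <= NF; i++) {
      if (!inprof) {                              # skip until the profiles block opens
        if ($i == "profiles" && $(i+1) == "{") { inprof = 1; depth = 1; i++ }
        continue
      }
      if ($i == "{") depth++
      else if ($i == "}") { if (--depth == 0) break }
      else if (depth == 1) {                      # a profile name at the top of the block
        t = $i; sub(/^.*\//, "", t)
        if (t == prof) { print $3; next }
      }
    }
  }'
}

# Chain both steps: $1 = cert name, $2 = profile listing, $3 = virtual listing.
virtuals_for_cert() {
  local p
  for p in $(printf '%s\n' "$2" | profiles_for_cert "$1"); do
    printf '%s\n' "$3" | virtuals_for_profile "$p"
  done | sort -u
}

virtuals_for_cert telecom.com2015.crt "$SAMPLE_PROFILES" "$SAMPLE_VIRTUALS"
```

In the sample, `legacy_https` (profile `telecom.com2015-old`) and `plain_http` (a pool named `telecom.com2015`) are left out, while `shop_https` is included because its differently named profile uses the same certificate.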