Get all certificates and their virtual servers and SSL profiles via API calls

Problem this snippet solves:

Summary

F5 will give you a decent report of all your certificates and their expiration dates. However I have not found a way to pull what Virtual Server or SSL Profile the certificates are applied to (or if they are used at all). What this code does is grabs all the virtual servers, all SSL profiles, and all certificates. Then it loops through them to find where a certificate is applied. Then it returns the certificate and virtual server info. I wrote this in C# but the logic can be used anywhere as the API calls are independent of language.

How to use this snippet:

You will need some way to compile C#. Easiest way is to use Visual Studio. Simply add your API credentials and IP addresses and run the code through a C# compiler.

Code :

https://github.com/matthewwedlow/F5_Scripts/blob/master/GetCerts.cs
Published Apr 11, 2019
Version 1.0
  •  

    I do not think so. That is why I made this script. You could list all profiles of your Virtual Server and then list all Client SSL profiles, and then see which are applied where. But it is possible things have changed since this is 2 years old by now.

  • Is there a way to get only the SSL profiles for a vserver? I tried the below API but it gives all the profiles configured. How can i filter only the SSL profiles?

    https://{ip}/mgmt/tm/ltm/virtual/{name}/profiles

  • Hi Matthew,

     

    Thank you for sharing this useful script. But have you tried the similar logic using python and f5-sdk.

     

    I have code shared to migrate bigip config from one unit to another including all the components virtuals, pools, selective profiles, irules, data group, monitors but the only thing i couldn't was the ssl profile and certs.

     

    https://github.com/mshoaibshafi/f5-networks-bigip-migrate-configuration

     

    Please let me know if you did and won't mind sharing your code.

     

    Thank you, Muhammad