Identify and cleanse expired and soon to expire certs from BIG-IP

Problem this snippet solves:

  • Identify Expired and Soon to Expire Certs (including their use on a virtual, client-ssl profile)
  • If desired, script can delete client-ssl profile, cert/key for expired certs
  • Script can be run with argument of --days to indicate how many days prior to expiration you consider soon to expire
  • --reportonly argument will never prompt to delete configuration objects

How to use this snippet:

usage: [-h] --bigip BIGIP --user USER [--days DAYS] [--reportonly]

A tool to identify expiring and soon to expire certs and related config detritus and assist user with pruning it from configuration

optional arguments: -h, --help show this help message and exit --bigip BIGIP IP or hostname of BIG-IP Management or Self IP --user USER username to use for authentication --days DAYS number of days before expiration to consider cert as expiring soon --reportonly produce report only; do not prompt for configuration object deletion

Code :

Tested this on version:

Published Jul 29, 2018
Version 1.0

Was this article helpful?