
Perl Certificate Info

Problem this snippet solves:

This Perl application displays information about the certificates on the BIG-IP system.

Code :

#!/usr/bin/perl
#----------------------------------------------------------------------------
# The contents of this file are subject to the "END USER LICENSE AGREEMENT FOR F5
# Software Development Kit for iControl"; you may not use this file except in
# compliance with the License. The License is included in the iControl
# Software Development Kit.
#
# Software distributed under the License is distributed on an "AS IS"
# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
# the License for the specific language governing rights and limitations
# under the License.
#
# The Original Code is iControl Code and related documentation
# distributed by F5.
#
# The Initial Developer of the Original Code is F5 Networks,
# Inc. Seattle, WA, USA. Portions created by F5 are Copyright (C) 1996-2004 F5 Networks,
# Inc. All Rights Reserved.  iControl (TM) is a registered trademark of F5 Networks, Inc.
#
# Alternatively, the contents of this file may be used under the terms
# of the GNU General Public License (the "GPL"), in which case the
# provisions of GPL are applicable instead of those above.  If you wish
# to allow use of your version of this file only under the terms of the
# GPL and not to allow others to use your version of this file under the
# License, indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by the GPL.
# If you do not delete the provisions above, a recipient may use your
# version of this file under either the License or the GPL.
#----------------------------------------------------------------------------

#use SOAP::Lite + trace => qw(method debug);
use SOAP::Lite;
use MIME::Base64;
use Math::BigInt;

# Append the parent directory to the module search path so that the
# iControlTypeCast module loaded on the next line can be found
# (presumably it ships alongside the SDK samples; confirm).
# NOTE(review): ".." is resolved against the current working directory, not
# against the script's own location, so which iControlTypeCast.pm gets loaded
# depends on where the script is started from. Run it only from a trusted
# checkout, or pin the path to the script's directory (e.g. with FindBin).
BEGIN { push (@INC, ".."); }
use iControlTypeCast;

#----------------------------------------------------------------------------
# Validate Arguments
#----------------------------------------------------------------------------
# Positional arguments: host, port, uid, pwd and an optional
# ManagementModeType (see usage()). Missing arguments are left undefined.
# NOTE(review): a password given on the command line is visible to other
# local users in the process list and is usually kept in shell history.
my ($sHost, $sPort, $sUID, $sPWD, $sMode) = @ARGV[0 .. 4];

# Ports 80 and 8080 select plain HTTP; every other port uses HTTPS.
# NOTE(review): over plain HTTP the Basic credentials built from $sUID and
# $sPWD further down are sent unencrypted.
my $sProtocol = ( ("80" eq $sPort) or ("8080" eq $sPort) ) ? "http" : "https";

# host, port, uid and pwd are mandatory: show the usage text (which also
# ends the script) as soon as one of them is missing or empty.
unless ( ($sHost ne "") and ($sPort ne "") and ($sUID ne "") and ($sPWD ne "") )
{
  &usage();
}

# Print the command-line help to STDOUT and end the script.
# Arguments, if any, are ignored.
sub usage()
{
  my @sHelpLines = (
    "Usage: CertInfo.pl host port uid pwd [ManagementModeType]",
    "  ManagementModeType",
    "  ------------------",
    "  MANAGEMENT_MODE_DEFAULT      - keys/certs used in SSL profiles",
    "  MANAGEMENT_MODE_WEBSERVER    - keys/certs used by the admin web server",
    "  MANAGEMENT_MODE_EM           - keys/certs used by Enterprise Manager",
    "  MANAGEMENT_MODE_IQUERY       - keys/certs used by GTM's iQuery GTM directory",
    "  MANAGEMENT_MODE_IQUERY_BIG3D - keys/certs used by GTM's iQuery big3d directory",
  );

  foreach my $sLine (@sHelpLines)
  {
    print "$sLine\n";
  }

  # exit() without an argument ends the script with status 0, including when
  # this is reached because required arguments were missing.
  exit();
}

#----------------------------------------------------------------------------
# Transport Information
#----------------------------------------------------------------------------
# Credential hook for the SOAP::Lite HTTP client: returns the user name and
# password taken from the command line as a (user, password) pair.
# NOTE(review): the arguments the transport passes in (presumably the realm
# and the URI being challenged; confirm against the LWP documentation) are
# ignored, so the same credentials are returned for every challenge, not
# only for the BIG-IP named on the command line.
sub SOAP::Transport::HTTP::Client::get_basic_credentials
{
  my ($sUser, $sPass) = ("$sUID", "$sPWD");
  return ($sUser, $sPass);
}

# iControl portal endpoint on the target host, built from the command-line
# values and the protocol chosen above.
my $sPortalURL = "$sProtocol://$sHost:$sPort/iControl/iControlPortal.cgi";

# SOAP client bound to the Management/KeyCertificate interface.
$KeyCertificate = SOAP::Lite
  -> uri('urn:iControl:Management/KeyCertificate')
  -> proxy($sPortalURL);

# Attach an HTTP Basic Authorization header to the request up front.
# The eval makes this best effort: if the call fails the error is discarded
# and the credential hook above remains the only source of credentials.
# Base64 is an encoding, not encryption, so the header is only protected
# when $sProtocol is https and the server certificate is verified.
eval
{
  my $sBasicToken = MIME::Base64::encode("$sUID:$sPWD", '');
  $KeyCertificate->transport->http_request->header(
    'Authorization' => 'Basic ' . $sBasicToken
  );
};

# An omitted or empty fifth argument falls back to the default mode.
$sMode = "MANAGEMENT_MODE_DEFAULT" if ( $sMode eq "" );

&GetCertInfo($sMode);

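# Fetch the certificate list for the given ManagementModeType and print one
# report section per certificate to STDOUT.
#
#   $mode - management mode name passed through to get_certificate_list
#           (the accepted names are listed by usage()).
#
# A SOAP fault ends the script inside checkResponse(). All working variables
# are lexical, so nothing leaks into package globals, and fields that are
# missing from the response print as empty strings.
#
# NOTE(review): every value is printed exactly as the device returned it.
# If certificates from third parties are installed on the device, consider
# stripping control characters from the subject and issuer fields before
# they are written to a terminal.
sub GetCertInfo()
{
  my ($mode) = (@_);

  my $soapResponse = $KeyCertificate->get_certificate_list(
    SOAP::Data->name(mode => $mode)
  );
  &checkResponse($soapResponse);

  # An absent result is treated as an empty list.
  my $result = $soapResponse->result;
  my @certificates = defined($result) ? @{$result} : ();

  # Undefined fields print as an empty string.
  my $text = sub
  {
    my ($value) = @_;
    return defined($value) ? $value : "";
  };

  # Output label => key in the certificate structure.
  my @certificate_fields = (
    [ "  Cert Type      : ", "cert_type" ],
    [ "  Key Type       : ", "key_type" ],
    [ "  Bit Length     : ", "bit_length" ],
    [ "  Version        : ", "version" ],
    [ "  Serial #       : ", "serial_number" ],
  );

  # Subject and issuer share the same set of name fields.
  my @name_fields = (
    [ "    Common Name  : ", "common_name" ],
    [ "    Country      : ", "country_name" ],
    [ "    State        : ", "state_name" ],
    [ "    Locality     : ", "locality_name" ],
    [ "    Organization : ", "organization_name" ],
    [ "    Division     : ", "division_name" ],
  );

  my @name_sections = (
    [ "  Subject\n", "subject" ],
    [ "  Issuer\n",  "issuer" ],
  );

  foreach my $info (@certificates)
  {
    my $certificate = $info->{"certificate"} || {};
    my $cert_info   = $certificate->{"cert_info"} || {};

    my $is_bundled = $text->($info->{"is_bundled"});
    my $file_name  = $text->($info->{"file_name"});

    print "Certificate Info\n";
    print "  Is Bundled     : $is_bundled\n";
    print "  File Name      : $file_name\n";

    my $id    = $text->($cert_info->{"id"});
    my $email = $text->($cert_info->{"email"});

    print "  Cert Info\n";
    print "    Id           : $id\n";
    print "    Email        : $email\n";

    foreach my $field (@certificate_fields)
    {
      my ($label, $key) = @{$field};
      my $value = $text->($certificate->{$key});
      print "$label$value\n";
    }

    # Expiry is reported twice: the device's string form followed by the
    # expiration_date value in parentheses.
    my $expiration_string = $text->($certificate->{"expiration_string"});
    my $expiration_date   = $text->($certificate->{"expiration_date"});
    print "  Expiration     : $expiration_string ($expiration_date)\n";

    foreach my $section (@name_sections)
    {
      my ($heading, $section_key) = @{$section};
      my $name = $certificate->{$section_key} || {};

      print $heading;
      foreach my $field (@name_fields)
      {
        my ($label, $key) = @{$field};
        my $value = $text->($name->{$key});
        print "$label$value\n";
      }
    }

    print "---------------------\n";
  }
}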

#----------------------------------------------------------------------------
# checkResponse
#----------------------------------------------------------------------------
# Stop the script when a SOAP call came back with a fault.
#
#   $soapResponse - object returned by a SOAP::Lite call.
#
# When the response carries a fault, its code and string are printed to
# STDOUT on one line and the script ends; otherwise the sub simply returns.
# NOTE(review): exit() without an argument ends the script with status 0,
# so a calling script cannot tell a fault from success by the exit status.
sub checkResponse()
{
  my ($soapResponse) = (@_);

  return unless ( $soapResponse->fault );

  print $soapResponse->faultcode, " ", $soapResponse->faultstring, "\n";
  exit();
}
Published Mar 09, 2015
Version 1.0

5 Comments

  • I am getting "500 Can't connect to lb.address:443 (certificate verify failed) at CertInfo.perl line 101." I have already changed the proxy line: proxy("$sProtocol://$sHost:$sPort/iControl/iControlPortal.cgi", ssl_opts => [ SSL_verify_mode => 0 ]);
    JG

    Put the following near the top of the script:

    # These three lines turn off TLS certificate verification for every
    # IO::Socket::SSL connection made by the process and hostname checking
    # in LWP. The "certificate verify failed" error goes away because the
    # BIG-IP's certificate is no longer checked at all, which means the
    # Basic credentials are sent to whichever host answers on that address.
    # Keep this to lab use; to retain verification, point SSL_ca_file at the
    # CA (or the device certificate) that the BIG-IP presents instead.
    use IO::Socket::SSL;
    # NOTE(review): the mode is given as a quoted string rather than the
    # SSL_VERIFY_NONE constant; presumably it is treated as 0. Confirm.
    IO::Socket::SSL::set_defaults(SSL_verify_mode => "SSL_VERIFY_NONE");
    $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;
    

    .

  • What does

    my $sMode = $ARGV[4];
    mean here? What should the input look like? Can someone share an example of how to use this?