Perl Certificate Info

Problem this snippet solves:

This Perl application displays information about the certificates on the BIG-IP system.

Code :

#!/usr/bin/perl
#----------------------------------------------------------------------------
# The contents of this file are subject to the "END USER LICENSE AGREEMENT FOR F5
# Software Development Kit for iControl"; you may not use this file except in
# compliance with the License. The License is included in the iControl
# Software Development Kit.
#
# Software distributed under the License is distributed on an "AS IS"
# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
# the License for the specific language governing rights and limitations
# under the License.
#
# The Original Code is iControl Code and related documentation
# distributed by F5.
#
# The Initial Developer of the Original Code is F5 Networks,
# Inc. Seattle, WA, USA. Portions created by F5 are Copyright (C) 1996-2004 F5 Networks,
# Inc. All Rights Reserved.  iControl (TM) is a registered trademark of F5 Networks, Inc.
#
# Alternatively, the contents of this file may be used under the terms
# of the GNU General Public License (the "GPL"), in which case the
# provisions of GPL are applicable instead of those above.  If you wish
# to allow use of your version of this file only under the terms of the
# GPL and not to allow others to use your version of this file under the
# License, indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by the GPL.
# If you do not delete the provisions above, a recipient may use your
# version of this file under either the License or the GPL.
#----------------------------------------------------------------------------

#use SOAP::Lite + trace => qw(method debug);
use SOAP::Lite;
use MIME::Base64;
use Math::BigInt;

BEGIN { push (@INC, ".."); }
use iControlTypeCast;

#----------------------------------------------------------------------------
# Validate Arguments
#----------------------------------------------------------------------------
# Positional command-line arguments: host, port, user id, password and an
# optional ManagementModeType. Arguments that were not supplied stay undefined.
# NOTE(review): the password arrives on the command line, where it is typically
# visible to other local users (process listing) and kept in shell history;
# reading it from a prompt or a protected file would avoid that exposure.
my ($sHost, $sPort, $sUID, $sPWD, $sMode) = @ARGV[0 .. 4];

# Ports 80 and 8080 select plain http; every other port uses https.
# NOTE(review): this script sends the user id and password as an HTTP Basic
# Authorization header, so on the http path they cross the network unencrypted.
my $sProtocol = ( ("80" eq $sPort) || ("8080" eq $sPort) ) ? "http" : "https";

# Host, port, user id and password are mandatory; if any of them is empty,
# print the usage text (usage() terminates the program).
if ( grep { $_ eq "" } ($sHost, $sPort, $sUID, $sPWD) )
{
  &usage();
}

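# Print the command-line synopsis and the accepted ManagementModeType values,
# then terminate the program.
#
# Takes no arguments. Does not return: the process exits with status 1 so that
# a wrapper script or scheduler can tell an invocation with bad arguments from
# a run that actually listed certificates.
sub usage()
{
  my @sUsageLines = (
    "Usage: CertInfo.pl host port uid pwd [ManagementModeType]",
    "  ManagementModeType",
    "  ------------------",
    "  MANAGEMENT_MODE_DEFAULT      - keys/certs used in SSL profiles",
    "  MANAGEMENT_MODE_WEBSERVER    - keys/certs used by the admin web server",
    "  MANAGEMENT_MODE_EM           - keys/certs used by Enterprise Manager",
    "  MANAGEMENT_MODE_IQUERY       - keys/certs used by GTM's iQuery GTM directory",
    "  MANAGEMENT_MODE_IQUERY_BIG3D - keys/certs used by GTM's iQuery big3d directory",
  );
  print map { "$_\n" } @sUsageLines;

  # The only caller in this file is the missing-argument check, so this is an
  # error exit rather than a successful one.
  exit(1);
}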

#----------------------------------------------------------------------------
# Transport Information
#----------------------------------------------------------------------------
# Credential callback installed into SOAP::Lite's HTTP client package.
#
# Returns the user id and password from the command line as a two-element
# list (in scalar context, the password). Both values are stringified, so an
# undefined argument becomes the empty string.
# NOTE(review): the sub ignores whatever arguments it is called with and hands
# back the same pair every time, so the credentials are not tied to a
# particular host or realm - confirm that only the intended BIG-IP endpoint
# can trigger this callback.
sub SOAP::Transport::HTTP::Client::get_basic_credentials
{
  return ("$sUID", "$sPWD");
}

# Build the SOAP client for the Management/KeyCertificate interface, pointed
# at the iControl portal on the host and port given on the command line.
# NOTE(review): no TLS options are passed here, so certificate verification is
# whatever the installed SOAP::Lite / LWP stack does by default. If the device
# presents a certificate the client does not trust, the safer fix is to add
# the issuing CA to the client's trust store rather than turning verification
# off, because the Authorization header below is sent to whoever answers.
my $sEndpoint = "$sProtocol://$sHost:$sPort/iControl/iControlPortal.cgi";
$KeyCertificate = SOAP::Lite
  ->uri('urn:iControl:Management/KeyCertificate')
  ->proxy($sEndpoint);

# Attach an HTTP Basic Authorization header to the request up front. The
# empty second argument to encode() suppresses the trailing newline. Any
# failure inside the eval is deliberately ignored (best effort).
# NOTE(review): Basic authentication is only base64-encoded, not encrypted;
# with the http protocol the user id and password are readable on the wire.
eval
{
  $KeyCertificate->transport->http_request->header(
    'Authorization' => 'Basic ' . MIME::Base64::encode("$sUID:$sPWD", '')
  );
};

# Fall back to the default management mode when none was supplied.
$sMode = "MANAGEMENT_MODE_DEFAULT" if ( $sMode eq "" );

&GetCertInfo($sMode);

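# Query the device for its certificate list in the given management mode and
# print one report block per certificate to STDOUT.
#
# Parameters:
#   $mode - ManagementModeType string passed to get_certificate_list
#           (for example "MANAGEMENT_MODE_DEFAULT").
#
# The SOAP response is handed to checkResponse() before any result is read.
# Every printed value comes from the device's response and is written out
# unmodified; missing fields are printed as empty strings.
#
# Compared with the earlier version, all working variables are lexical, so the
# sub no longer overwrites package globals such as $version, $id or $subject
# on every call, and the repeated subject/issuer printing is table-driven.
sub GetCertInfo()
{
  my ($mode) = (@_);

  my $soapResponse = $KeyCertificate->get_certificate_list(
    SOAP::Data->name(mode => $mode)
  );
  &checkResponse($soapResponse);

  # Print one "label : value" line. The label, including its leading
  # indentation, is padded to 17 columns so that the colons line up.
  my $show_field = sub
  {
    my ($label, $value) = @_;
    printf "%-17s: %s\n", $label, (defined $value ? $value : "");
  };

  # Display label and response key for each part of a subject/issuer name.
  my @name_fields = (
    [ "Common Name",  "common_name" ],
    [ "Country",      "country_name" ],
    [ "State",        "state_name" ],
    [ "Locality",     "locality_name" ],
    [ "Organization", "organization_name" ],
    [ "Division",     "division_name" ],
  );

  # Print a heading followed by the six name components of $name.
  my $show_name = sub
  {
    my ($heading, $name) = @_;
    $name ||= {};
    print "  $heading\n";
    foreach my $field (@name_fields)
    {
      my ($label, $key) = @{$field};
      $show_field->("    $label", $name->{$key});
    }
  };

  # An absent result is treated as an empty certificate list.
  foreach my $info (@{ $soapResponse->result || [] })
  {
    my $certificate = $info->{"certificate"} || {};
    my $cert_info = $certificate->{"cert_info"} || {};

    print "Certificate Info\n";
    $show_field->("  Is Bundled", $info->{"is_bundled"});
    $show_field->("  File Name", $info->{"file_name"});

    print "  Cert Info\n";
    $show_field->("    Id", $cert_info->{"id"});
    $show_field->("    Email", $cert_info->{"email"});

    $show_field->("  Cert Type", $certificate->{"cert_type"});
    $show_field->("  Key Type", $certificate->{"key_type"});
    $show_field->("  Bit Length", $certificate->{"bit_length"});
    $show_field->("  Version", $certificate->{"version"});
    $show_field->("  Serial #", $certificate->{"serial_number"});

    # Expiration is shown as the device's string form followed by the
    # expiration_date value in parentheses.
    my $expiration_string = $certificate->{"expiration_string"};
    my $expiration_date = $certificate->{"expiration_date"};
    $expiration_string = "" unless defined $expiration_string;
    $expiration_date = "" unless defined $expiration_date;
    $show_field->("  Expiration", "$expiration_string ($expiration_date)");

    $show_name->("Subject", $certificate->{"subject"});
    $show_name->("Issuer", $certificate->{"issuer"});

    print "---------------------\n";
  }
}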

#----------------------------------------------------------------------------
# checkResponse
#----------------------------------------------------------------------------
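# Abort the program when a SOAP call came back with a fault.
#
# Parameters:
#   $soapResponse - response object returned by a SOAP::Lite call; its fault,
#                   faultcode and faultstring methods are used.
#
# On a fault, prints "<faultcode> <faultstring>" to STDOUT and exits with
# status 1, so that a failed query (for example rejected credentials) is not
# reported to the calling shell or scheduler as success. Otherwise returns
# nothing.
sub checkResponse()
{
  my ($soapResponse) = (@_);
  if ( $soapResponse->fault )
  {
    print $soapResponse->faultcode, " ", $soapResponse->faultstring, "\n";
    exit(1);
  }
  return;
}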
Published Mar 09, 2015
Version 1.0
  • I am getting "500 Can't connect to lb.address:443 (certificate verify failed) at CertInfo.perl line 101." I have already changed the proxy line: proxy("$sProtocol://$sHost:$sPort/iControl/iControlPortal.cgi", ssl_opts => [ SSL_verify_mode => 0 ]);
  • JG

    Put the following near the top of the script:

    # NOTE(review): the two settings below switch off TLS peer verification for
    # the whole process, not only for the one failing connection. With them in
    # place the script no longer checks which server it is talking to, and it
    # sends the user id and password in a Basic Authorization header to that
    # server. Treat this as a diagnostic step only; the lasting fix is to make
    # the client trust the BIG-IP certificate's issuer (for example through
    # IO::Socket::SSL's SSL_ca_file option or the PERL_LWP_SSL_CA_FILE
    # environment variable) and to connect using a name the certificate covers.
    use IO::Socket::SSL;
    # Sets the default verify mode for every IO::Socket::SSL connection made
    # afterwards. The value is a quoted string, not the SSL_VERIFY_NONE
    # constant; presumably it only has the intended effect because the string
    # evaluates to 0 in numeric context - confirm.
    IO::Socket::SSL::set_defaults(SSL_verify_mode => "SSL_VERIFY_NONE");
    # Tells LWP not to check that the certificate matches the host name.
    $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;
    

    .

  • what does

    my $sMode = $ARGV[4];
    mean here? How should the input be given? Can someone share an example of how to use this?