Publish Virtual-SSLProfile-Certicate Relation

Problem this snippet solves:

The idea behind this code is to create a list of dependencies between


  • Virtuals
  • SSL Profiles
  • Certificates


The output will be in CSV format.

How to use this snippet:

The code is written using TMSH from BASH, so you can run this code directly from BASH in your F5 box.


  # cat > my_script.sh

  <paste the code here>

  <control + D>

  # chmod u+x my_script.sh

  # ./my_script.sh


  The output will be prompted in CSV format separately by some headers


  ************ LIST OF VIRTUAL SERVERS ************

  Common/http_vs;Common/clientssl;Common/serverssl

  [...]

  ************ LIST OF CLIENT SSL PROFILES ************

  Common/clientssl;Common/default.crt;none;Common/default.key;DEFAULT;none

  [...]

  ************ LIST OF CLIENT SSL PROFILES (IN USE) ************

  Common/clientssl

  [...]

  ************ LIST OF SERVER SSL PROFILES ************

  Common/serverssl;none;none;none;DEFAULT;none

  [...]

  ************ LIST OF SERVER SSL PROFILES (IN USE) ************

  Common/serverssl

  [...]

  ************ LIST OF CERTIFICATES ************

  Common/default.crt;Jun 24 15:03:51 2027 GMT

  [...]

  ************ LIST OF CERTIFICATES (IN USE) ************

  Common/default.crt

  [...]


Code :

#----------------------------------------------------------------------------------------------

# LIST OF EXISTING PROFILES
sslprof_c=$( tmsh -q -c "cd / ; list ltm profile client-ssl recursive" | grep "profile" | awk '{ print $4 }' | tr '\n' ' ' )
sslprof_s=$( tmsh -q -c "cd / ; list ltm profile server-ssl recursive" | grep "profile" | awk '{ print $4 }' | tr '\n' ' ' )

# LIST OF VIRTUALS BY PROFILE
vs_sslprof_c=$( tmsh -q -c "cd / ; list ltm virtual recursive profiles { $(echo $sslprof_c) }" )
vs_sslprof_s=$( tmsh -q -c "cd / ; list ltm virtual recursive profiles { $(echo $sslprof_s) }" )

# LIST OF PROFILES BY CERTIFICATE
pf_sslprof_c=$( tmsh -q -c "cd / ; list ltm profile client-ssl recursive { cert chain key defaults-from ciphers }" )
pf_sslprof_s=$( tmsh -q -c "cd / ; list ltm profile server-ssl recursive { cert chain key defaults-from ciphers }" )

# LIST OF CERTIFICATES
sslcert=$( tmsh -q -c "cd / ; list sys file ssl-cert recursive expiration-string" )

# LIST OF PROFILES IN USE
check_vs_sslprof_c=$( echo "$vs_sslprof_c" | grep -A1 "profiles {" | grep -v "profiles" | grep "[a-zA-Z]" | awk '{ print $1 }' | sort | uniq )
check_vs_sslprof_s=$( echo "$vs_sslprof_s" | grep -A1 "profiles {" | grep -v "profiles" | grep "[a-zA-Z]" | awk '{ print $1 }' | sort | uniq )

#----------------------------------------------------------------------------------------------

T1C1=$( echo "$vs_sslprof_c" | grep "virtual" | awk '{ print $3 }' )
T1C2=$( echo "$vs_sslprof_c" | grep -A1 "profiles" | grep -v "profiles {" | grep "[a-zA-Z]" | sed "s/profiles//" | awk '{ print $1 }' )
T1C3=$( echo "$vs_sslprof_s" | grep -A1 "profiles" | grep -v "profiles {" | grep "[a-zA-Z]" | sed "s/profiles//" | awk '{ print $1 }' )

echo -e "************ LIST OF VIRTUAL SERVERS ************"

paste -d ';' <( echo "$T1C1" ) <( echo "$T1C2" ) <( echo "$T1C3" )

#----------------------------------------------------------------------------------------------

T2C1=$( echo "$pf_sslprof_c" | grep "profile " | awk '{ print $4 }' )
T2C2=$( echo "$pf_sslprof_c" | grep "cert " | awk '{ print $2 }' )
T2C3=$( echo "$pf_sslprof_c" | grep "chain " | awk '{ print $2 }' )
T2C4=$( echo "$pf_sslprof_c" | grep "key " | awk '{ print $2 }' )
T2C5=$( echo "$pf_sslprof_c" | grep "ciphers " | awk '{ print $2 }' )
T2C6=$( echo "$pf_sslprof_c" | grep "defaults-from " | awk '{ print $2 }' )

echo -e "************ LIST OF CLIENT SSL PROFILES ************"

paste -d ';' <( echo "$T2C1" ) <( echo "$T2C2" ) <( echo "$T2C3" ) <( echo "$T2C4" ) <( echo "$T2C5" ) <( echo "$T2C6" )

echo -e "************ LIST OF CLIENT SSL PROFILES (IN USE) ************"

echo "$check_vs_sslprof_c"

#----------------------------------------------------------------------------------------------

T3C1=$( echo "$pf_sslprof_s" | grep "profile " | awk '{ print $4 }' )
T3C2=$( echo "$pf_sslprof_s" | grep "cert " | awk '{ print $2 }' )
T3C3=$( echo "$pf_sslprof_s" | grep "chain " | awk '{ print $2 }' )
T3C4=$( echo "$pf_sslprof_s" | grep "key " | awk '{ print $2 }' )
T3C5=$( echo "$pf_sslprof_s" | grep "ciphers " | awk '{ print $2 }' )
T3C6=$( echo "$pf_sslprof_s" | grep "defaults-from " | awk '{ print $2 }' )

echo -e "************ LIST OF SERVER SSL PROFILES ************"

paste -d ';' <( echo "$T3C1" ) <( echo "$T3C2" ) <( echo "$T3C3" ) <( echo "$T3C4" ) <( echo "$T3C5" ) <( echo "$T3C6" )

echo -e "************ LIST OF SERVER SSL PROFILES (IN USE) ************"

echo "$check_vs_sslprof_s"

#----------------------------------------------------------------------------------------------

T4C1=$( echo "$sslcert" | grep "ssl-cert" | awk '{ print $4 }' )
T4C2=$( echo "$sslcert" | grep "expiration-string" | awk -F "\"" '{ print $2 }' )

echo -e "************ LIST OF CERTIFICATES ************"

paste -d ';' <( echo "$T4C1" ) <( echo "$T4C2" )

echo -e "************ LIST OF CERTIFICATES (IN USE) ************"

#----------------------------------------------------------------------------------------------

if [[ "$check_vs_sslprof_c" ]] ; then
	# CHECKING IF THERE ARE CLIENT CERTS IN USE
	check_cert_sslprof_c=$( tmsh -q -c "cd / ; list ltm profile client-ssl recursive $( echo "$check_vs_sslprof_c" | tr '\n' ' ' ) { cert chain }" | grep -e "cert" -e "chain" | awk '{ print $2 }' | grep -v "none" | sort | uniq )
fi

if [[ "$check_vs_sslprof_s" ]] ; then
	# CHECKING IF THERE ARE SERVER CERTS IN USE
	check_cert_sslprof_s=$( tmsh -q -c "cd / ; list ltm profile server-ssl recursive $( echo "$check_vs_sslprof_s" | tr '\n' ' ' ) { cert chain }" | grep -e "cert" -e "chain" | awk '{ print $2 }' | grep -v "none" | sort | uniq )
fi

sslcert_active=$( awk 'NF' <(echo "$check_cert_sslprof_c" ; echo "$check_cert_sslprof_s" | sort | uniq ) )
echo "$sslcert_active"

#----------------------------------------------------------------------------------------------

Tested this on version:

12.1
Published May 30, 2019
Version 1.0
No CommentsBe the first to comment