Quick and dirty shell script to find unused certificates

About the non-default partitions, you could use the following:

#!/bin/sh
 
tmsh list sys file ssl-cert |  awk '/crt/ {print $4}' | sed '/^[[:space:]]*$/d' > /var/tmp/installedCerts.tmp
 
while read cert; do
  isUsed=$(find /config/ -xdev -type f -name bigip.conf -exec grep $cert {} +)
  if [ -z "$isUsed" ];then
      echo "$cert is not used"
  fi
done </var/tmp/installedCerts.tmp
 
rm /var/tmp/installedCerts.tmp