Verifying Multiple Certificate Key Pairs

Problem this snippet solves:

A simple shell script that compares the moduli of the certs and keys on the BIG-IP system and reports whether they match.

How to use this snippet:

Setup and Usage

Copy this script into the /var/tmp directory on your LTM, GTM, ASM, LC, or EM, then execute it. If the moduli of a key and its certificate differ, the script outputs two lines (two different hashes) for that key/cert pair; if the moduli are the same, it outputs one line. Note that certificate bundles do not have keys: when the script encounters a certificate bundle, it will generate an error message that the key file cannot be found.

Code :

#! /bin/bash
#
# Script to loop through all of the certificates in /config/ssl/ssl.crt and verify that the moduli of the corresponding keys are the same
pushd /config/ssl
for x in ssl.crt/*.crt; do
  echo -n "$x"
  # remove the file type .crt
  y=${x%.crt}
  # remove the front part of the path
  z=${y##*/}
  echo " $z"
  # hash the modulus of the key and of the cert; uniq collapses the two lines into one when they agree
  ( openssl rsa -noout -in "ssl.key/$z.key" -modulus | md5sum ; openssl x509 -noout -in "ssl.crt/$z.crt" -modulus | md5sum ) | uniq
  echo "----------"
done
popd
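As an added example that is not part of the original snippet, the script below performs the same cert/key pairing check over the /config/ssl layout used above, but compares the full public key OpenSSL derives from each file rather than only the RSA modulus, so it also covers EC keys and PKCS#8 key files and reports missing or unreadable keys explicitly. The function names are my own; the ssl.crt/ssl.key directory layout is taken from the script above.

```shell
#!/bin/bash
# Added example (not the original DevCentral snippet): for each ssl.crt/NAME.crt
# check that ssl.key/NAME.key derives the same public key. Hashing the whole
# SPKI instead of the RSA modulus makes the check valid for EC keys too.

# Print the PEM public key contained in a certificate; empty output on failure.
cert_pubkey() {
  openssl x509 -noout -pubkey -in "$1" 2>/dev/null |
    openssl pkey -pubin 2>/dev/null
}

# Print the PEM public key derived from a private key; empty output on failure.
# "-passin pass:" makes an encrypted key fail instead of prompting.
key_pubkey() {
  openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null
}

# Return 0 if cert and key belong together, 1 if they differ,
# 2 if either file is missing or cannot be parsed (e.g. a CA bundle).
pair_matches() {
  local cpub kpub
  cpub=$(cert_pubkey "$1")
  kpub=$(key_pubkey "$2")
  if [ -z "$cpub" ] || [ -z "$kpub" ]; then
    return 2
  fi
  [ "$cpub" = "$kpub" ]
}

# Walk a BIG-IP style layout under BASE (default /config/ssl) and print one
# verdict per certificate. Usage: check_dir [/path/to/ssl]
check_dir() {
  local base="${1:-/config/ssl}" cert name key rc
  for cert in "$base"/ssl.crt/*.crt; do
    name=$(basename "$cert" .crt)
    key="$base/ssl.key/$name.key"
    if pair_matches "$cert" "$key"; then
      echo "$name: key matches certificate"
    else
      rc=$?
      if [ "$rc" -eq 1 ]; then
        echo "$name: MISMATCH between key and certificate"
      else
        echo "$name: no usable key file (certificate bundle or CA cert?)"
      fi
    fi
  done
}
```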
Published Mar 12, 2015
Version 1.0