
Verifying Multiple Certificate Key Pairs

Problem this snippet solves:

A simple shell script that compares the moduli of the certs and keys on the BIG-IP system and reports whether they match.

How to use this snippet:

Setup and Usage

Copy and paste this script into the /var/tmp directory on your LTM, GTM, ASM, LC, or EM, then execute it. For each key/cert pair the script prints the md5sum of the key's modulus and the md5sum of the certificate's modulus: if the moduli differ, the script outputs two lines for that pair; if they are the same, uniq collapses them and the script outputs one line. Note that certificate bundles do not have keys: when the script encounters a certificate bundle, it will generate an error message that the key file cannot be found.

Code:

#!/bin/bash
#
# Script to loop through all of the certificates in /config/ssl/ssl.crt and verify that the moduli of the corresponding keys are the same
pushd /config/ssl
for x in ssl.crt/*.crt; do
  echo -n "$x"
  # remove the file type .crt
  y=${x%.crt}
  # remove the front part of the path
  z=${y##*/}
  echo " $z"
  # md5sum of the key modulus and of the cert modulus; uniq collapses them to one line when they match
  ( openssl rsa -noout -in "ssl.key/$z.key" -modulus | md5sum ; openssl x509 -noout -in "ssl.crt/$z.crt" -modulus | md5sum ) | uniq
  echo "----------"
done
popd
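The same modulus comparison written as functions with an explicit result per pair, including the missing-key case that the note above describes for certificate bundles. This is an added example, not the DevCentral snippet; the fixture directory and the names good, bad and bundle are constructed for the demonstration.

```bash
#!/bin/bash
# Added example (not the original snippet). Compares an RSA cert/key pair by
# the MD5 of their moduli, as the page's loop does, but reports the outcome
# explicitly. Return codes: 0 = match, 1 = mismatch, 2 = no key file (bundle).
check_pair() {
  local cert="$1" key="$2" cert_mod key_mod
  if [ ! -f "$key" ]; then
    echo "NOKEY    $cert (no key file: certificate bundle or CA cert)"
    return 2
  fi
  cert_mod=$(openssl x509 -noout -modulus -in "$cert" | md5sum | cut -d' ' -f1)
  key_mod=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null | md5sum | cut -d' ' -f1)
  if [ "$cert_mod" = "$key_mod" ]; then
    echo "MATCH    $cert"
    return 0
  fi
  echo "MISMATCH $cert (cert $cert_mod / key $key_mod)"
  return 1
}

# Walks a tree laid out like /config/ssl (ssl.crt/NAME.crt beside
# ssl.key/NAME.key). Returns 1 if any pair mismatches; missing keys are skipped.
check_dir() {
  local base="$1" rc=0 x z
  for x in "$base"/ssl.crt/*.crt; do
    z=$(basename "$x" .crt)
    # status 2 (no key) is not a failure of the check; status 1 (mismatch) is
    check_pair "$x" "$base/ssl.key/$z.key" || [ $? -eq 2 ] || rc=1
  done
  return "$rc"
}

# Constructed fixture: good.* match, bad.key is a different key from the one
# bad.crt was issued for, bundle.crt is two concatenated certs with no key.
make_fixture() {
  local d
  d=$(mktemp -d)
  mkdir -p "$d/ssl.crt" "$d/ssl.key"
  openssl genrsa -out "$d/ssl.key/good.key" 2048 2>/dev/null
  openssl req -x509 -new -key "$d/ssl.key/good.key" -subj "/CN=good" \
    -days 1 -out "$d/ssl.crt/good.crt" 2>/dev/null
  openssl genrsa -out "$d/ssl.key/bad.key" 2048 2>/dev/null
  cp "$d/ssl.crt/good.crt" "$d/ssl.crt/bad.crt"
  cat "$d/ssl.crt/good.crt" "$d/ssl.crt/good.crt" > "$d/ssl.crt/bundle.crt"
  echo "$d"
}

demo_dir=$(make_fixture)
if check_dir "$demo_dir"; then echo "all pairs match"; else echo "problems found"; fi
rm -rf "$demo_dir"
```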
Published Mar 12, 2015
Version 1.0