CodeShare
Have some code. Share some code.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- DevCentral
- CodeShare
- extract LTM VS ssl profile binding cert and key in...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
xuwen
MVP
Options
- Article History
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
on
15-Jan-2023
21:10
- edited on
17-Jan-2023
18:01
by
Leslie_Hubertus
Code is community submitted, community supported, and recognized as ‘Use At Your Own Risk’.
Short Description
check LTM which VS enable ssl offload and extract its ssl profile binding cert, chain information and key name, include
expirationDate, expirationString, issuer, subject
Problem solved by this Code Snippet
check LTM which VS enable ssl offload and extract its ssl profile binding cert, chain information, support check and extract AS3 LTM VS ssl profile
How to use this Code Snippet
Firstly, install python f5 sdk
pip install f5-sdk
Secondly, modify the following IP, account and password corresponding to your BIGIP LTM device
mgmt = ManagementRoot('192.168.5.109', 'admin', 'xt32112300', token=True)
Finally, if the code runs no error, it will generate a "F5-LTM-SSL-XXX(date format)-NetworkMap.json" file in your local working directory
Code Snippet Meta Information
- Version:1.0
- Coding Language:python
Full Code Snippet
from f5.bigip import ManagementRoot
import json, time
mgmt = ManagementRoot('192.168.5.109', 'admin', 'xt32112300', token=True)
sslprofiles_clientside = []
sslprofiles_serverside = []
virtuals = mgmt.tm.ltm.virtuals.get_collection()
ltm_ssl_virtuals_list = []
for virtual in virtuals:
ssl_virtualserver = {}
if hasattr(virtual, 'subPath'):
ssl_virtualserver.update(name=virtual.name, subPath=virtual.subPath, fullPath=virtual.fullPath,
partition=virtual.partition)
else:
ssl_virtualserver.update(name=virtual.name, fullPath=virtual.fullPath, partition=virtual.partition)
sslprofiles_clientside = []
sslprofiles_serverside = []
for profile in virtual.profiles_s.get_collection():
if profile.context == 'clientside':
if hasattr(profile, 'subPath'):
sslprofiles_clientside.append(('clientside', profile.name, profile.partition, profile.subPath,
profile.fullPath))
else:
sslprofiles_clientside.append(('clientside', profile.name, profile.partition, profile.fullPath))
elif profile.context == 'serverside':
if hasattr(profile, 'subPath'):
sslprofiles_serverside.append(('serverside', profile.name, profile.partition, profile.subPath,
profile.fullPath))
else:
sslprofiles_serverside.append(('serverside', profile.name, profile.partition, profile.fullPath))
else:
continue
ssl_clientside_list = []
if len(sslprofiles_clientside) > 0:
for client_profile in sslprofiles_clientside:
client_profile_dict = {}
if len(client_profile) == 5:
ssl_pro_client = mgmt.tm.ltm.profile.client_ssls.client_ssl.load(name=client_profile[1],
partition=client_profile[2],
subPath=client_profile[3])
else:
ssl_pro_client = mgmt.tm.ltm.profile.client_ssls.client_ssl.load(name=client_profile[1],
partition=client_profile[2])
ssl_profile_clientside_cert = ssl_pro_client.cert
ssl_profile_clientside_key = ssl_pro_client.key
# ssl_profile_clientside_chain = ssl_pro_client.chain default value is 'none'
ssl_profile_clientside_chain = ssl_pro_client.chain
if len(ssl_profile_clientside_cert.split('/')) == 4:
file_client_ssl = mgmt.tm.sys.file.ssl_certs.ssl_cert.load(
name=ssl_profile_clientside_cert.split('/')[-1],
partition=ssl_profile_clientside_cert.split('/')[1],
subPath=ssl_profile_clientside_cert.split('/')[2])
client_cert_detail = {
'name': file_client_ssl.name,
'partition': file_client_ssl.partition,
'subPath': file_client_ssl.subPath,
'fullPath': file_client_ssl.fullPath,
'expirationDate': file_client_ssl.expirationDate,
'expirationString': file_client_ssl.expirationString,
'issuer': file_client_ssl.issuer,
'subject': file_client_ssl.subject
}
client_profile_dict.update(name=client_profile[1],
partition=client_profile[2],
subPath=client_profile[3],
fullPath=client_profile[-1],
cert=client_cert_detail,
key=ssl_profile_clientside_key)
else:
file_client_ssl = mgmt.tm.sys.file.ssl_certs.ssl_cert.load(
name=ssl_profile_clientside_cert.split('/')[-1],
partition=ssl_profile_clientside_cert.split('/')[1])
client_cert_detail = {
'name': file_client_ssl.name,
'partition': file_client_ssl.partition,
'fullPath': file_client_ssl.fullPath,
'expirationDate': file_client_ssl.expirationDate,
'expirationString': file_client_ssl.expirationString,
'issuer': file_client_ssl.issuer,
'subject': file_client_ssl.subject
}
client_profile_dict.update(name=client_profile[1],
partition=client_profile[2],
fullPath=client_profile[-1],
cert=client_cert_detail,
key=ssl_profile_clientside_key)
if ssl_profile_clientside_chain != 'none':
if len(ssl_profile_clientside_chain.split('/')) == 4:
file_clientchain_ssl = mgmt.tm.sys.file.ssl_certs.ssl_cert.load(
name=ssl_profile_clientside_chain.split('/')[-1],
partition=ssl_profile_clientside_chain.split('/')[1],
subPath=ssl_profile_clientside_chain.split('/')[2])
client_chain_detail = {
'name': file_clientchain_ssl.name,
'partition': file_clientchain_ssl.partition,
'subPath': file_clientchain_ssl.subPath,
'fullPath': file_clientchain_ssl.fullPath,
'expirationDate': file_clientchain_ssl.expirationDate,
'expirationString': file_clientchain_ssl.expirationString,
'issuer': file_clientchain_ssl.issuer,
'subject': file_clientchain_ssl.subject
}
client_profile_dict.update(chain=client_chain_detail)
else:
file_clientchain_ssl = mgmt.tm.sys.file.ssl_certs.ssl_cert.load(
name=ssl_profile_clientside_chain.split('/')[-1],
partition=ssl_profile_clientside_chain.split('/')[1])
client_chain_detail = {
'name': file_clientchain_ssl.name,
'partition': file_clientchain_ssl.partition,
'fullPath': file_clientchain_ssl.fullPath,
'expirationDate': file_clientchain_ssl.expirationDate,
'expirationString': file_clientchain_ssl.expirationString,
'issuer': file_clientchain_ssl.issuer,
'subject': file_clientchain_ssl.subject
}
client_profile_dict.update(chain=client_chain_detail)
if len(client_profile_dict) > 0:
ssl_clientside_list.append(client_profile_dict)
if len(ssl_clientside_list) > 0:
ssl_virtualserver.update(clientside=ssl_clientside_list)
# print(ssl_virtualserver)
# ltm_ssl_virtuals_list.append(ssl_virtualserver)
ssl_serverside_list = []
if len(sslprofiles_serverside) > 0:
for server_profile in sslprofiles_serverside:
server_profile_dict = {}
if len(server_profile) == 5:
ssl_pro_server = mgmt.tm.ltm.profile.server_ssls.server_ssl.load(name=server_profile[1],
partition=server_profile[2],
subPath=server_profile[3])
else:
ssl_pro_server = mgmt.tm.ltm.profile.server_ssls.server_ssl.load(name=server_profile[1],
partition=server_profile[2])
ssl_profile_serverside_cert = ssl_pro_server.cert
ssl_profile_serverside_key = ssl_pro_server.key
# ssl_profile_serverside_chain = ssl_pro_server.chain default value is 'none'
ssl_profile_serverside_chain = ssl_pro_server.chain
if len(ssl_profile_serverside_cert.split('/')) == 4:
file_server_ssl = mgmt.tm.sys.file.ssl_certs.ssl_cert.load(
name=ssl_profile_serverside_cert.split('/')[-1],
partition=ssl_profile_serverside_cert.split('/')[1],
subPath=ssl_profile_serverside_cert.split('/')[2])
server_cert_detail = {
'name': file_server_ssl.name,
'partition': file_server_ssl.partition,
'subPath': file_server_ssl.subPath,
'fullPath': file_server_ssl.fullPath,
'expirationDate': file_server_ssl.expirationDate,
'expirationString': file_server_ssl.expirationString,
'issuer': file_server_ssl.issuer,
'subject': file_server_ssl.subject
}
server_profile_dict.update(name=server_profile[1],
partition=server_profile[2],
subPath=server_profile[3],
fullPath=server_profile[-1],
cert=server_cert_detail,
key=ssl_profile_serverside_key)
elif len(ssl_profile_serverside_cert.split('/')) == 3:
file_server_ssl = mgmt.tm.sys.file.ssl_certs.ssl_cert.load(
name=ssl_profile_serverside_cert.split('/')[-1],
partition=ssl_profile_serverside_cert.split('/')[1])
server_cert_detail = {
'name': file_server_ssl.name,
'partition': file_server_ssl.partition,
'fullPath': file_server_ssl.fullPath,
'expirationDate': file_server_ssl.expirationDate,
'expirationString': file_server_ssl.expirationString,
'issuer': file_server_ssl.issuer,
'subject': file_server_ssl.subject
}
server_profile_dict.update(name=server_profile[1],
partition=server_profile[2],
fullPath=server_profile[-1],
cert=server_cert_detail,
key=ssl_profile_serverside_key)
else:
server_profile_dict.update(name=server_profile[1],
partition=server_profile[2],
fullPath=server_profile[-1],
cert=None,
key=None)
if ssl_profile_serverside_chain != 'none':
if len(ssl_profile_serverside_chain.split('/')) == 4:
file_serverchain_ssl = mgmt.tm.sys.file.ssl_certs.ssl_cert.load(
name=ssl_profile_serverside_chain.split('/')[-1],
partition=ssl_profile_serverside_chain.split('/')[1],
subPath=ssl_profile_serverside_chain.split('/')[2])
server_chain_detail = {
'name': file_serverchain_ssl.name,
'partition': file_serverchain_ssl.partition,
'subPath': file_serverchain_ssl.subPath,
'fullPath': file_serverchain_ssl.fullPath,
'expirationDate': file_serverchain_ssl.expirationDate,
'expirationString': file_serverchain_ssl.expirationString,
'issuer': file_serverchain_ssl.issuer,
'subject': file_serverchain_ssl.subject
}
server_profile_dict.update(chain=server_chain_detail)
else:
file_serverchain_ssl = mgmt.tm.sys.file.ssl_certs.ssl_cert.load(
name=ssl_profile_serverside_chain.split('/')[-1],
partition=ssl_profile_serverside_chain.split('/')[1])
server_chain_detail = {
'name': file_serverchain_ssl.name,
'partition': file_serverchain_ssl.partition,
'fullPath': file_serverchain_ssl.fullPath,
'expirationDate': file_serverchain_ssl.expirationDate,
'expirationString': file_serverchain_ssl.expirationString,
'issuer': file_serverchain_ssl.issuer,
'subject': file_serverchain_ssl.subject
}
server_profile_dict.update(chain=server_chain_detail)
if len(server_profile_dict) > 0:
ssl_serverside_list.append(server_profile_dict)
if len(ssl_serverside_list) > 0:
ssl_virtualserver.update(serverside=ssl_serverside_list)
if 'clientside' in ssl_virtualserver.keys() or 'serverside' in ssl_virtualserver.keys():
# print(ssl_virtualserver)
ltm_ssl_virtuals_list.append(ssl_virtualserver)
print(ltm_ssl_virtuals_list)
with open(r"./F5-LTM-SSL-{}-NetworkMap.json".format(time.strftime("%Y-%m-%d", time.localtime())), "w") as f:
f.write(json.dumps(ltm_ssl_virtuals_list, indent=4, ensure_ascii=False))
Labels:
Comments
test json result:
[
{
"name": "APP-017-SPECIAL_Dining2_8030_Internet_97.49_18031",
"fullPath": "/Common/APP-017-SPECIAL_Dining2_8030_Internet_97.49_18031",
"partition": "Common",
"serverside": [
{
"name": "serverssl",
"partition": "Common",
"fullPath": "/Common/serverssl",
"cert": null,
"key": null
}
]
},
{
"name": "service",
"subPath": "TEST_Service_Https_MultiAddr_Local",
"fullPath": "/Sample_cert_06/TEST_Service_Https_MultiAddr_Local/service",
"partition": "Sample_cert_06",
"clientside": [
{
"name": "pTlsServer_Local",
"partition": "Sample_cert_06",
"subPath": "TEST_Service_Https_MultiAddr_Local",
"fullPath": "/Sample_cert_06/TEST_Service_Https_MultiAddr_Local/pTlsServer_Local",
"cert": {
"name": "tlsserver_local_cert.crt",
"partition": "Sample_cert_06",
"subPath": "TEST_Service_Https_MultiAddr_Local",
"fullPath": "/Sample_cert_06/TEST_Service_Https_MultiAddr_Local/tlsserver_local_cert.crt",
"expirationDate": 1519588224,
"expirationString": "Feb 25 19:50:24 2018 GMT",
"issuer": "CN=sample.example.net,O=f5_Networks,L=Seattle,ST=Washington,C=US",
"subject": "CN=sample.example.net,O=f5_Networks,L=Seattle,ST=Washington,C=US"
},
"key": "/Sample_cert_06/TEST_Service_Https_MultiAddr_Local/tlsserver_local_cert.key",
"chain": {
"name": "tlsserver_local_cert-bundle.crt",
"partition": "Sample_cert_06",
"subPath": "TEST_Service_Https_MultiAddr_Local",
"fullPath": "/Sample_cert_06/TEST_Service_Https_MultiAddr_Local/tlsserver_local_cert-bundle.crt",
"expirationDate": 1522351285,
"expirationString": "Mar 29 19:21:25 2018 GMT",
"issuer": "emailAddress=somebody@somewhere.org,CN=test_CA_bundle,OU=Test,O=F5,L=Seattle,ST=Washington,C=US",
"subject": "emailAddress=somebody@somewhere.org,CN=test_CA_bundle,OU=Test,O=F5,L=Seattle,ST=Washington,C=US"
}
}
],
"serverside": [
{
"name": "pTlsClient_Local",
"partition": "Sample_cert_06",
"subPath": "TEST_Service_Https_MultiAddr_Local",
"fullPath": "/Sample_cert_06/TEST_Service_Https_MultiAddr_Local/pTlsClient_Local",
"cert": {
"name": "tlsclient_local_cert.crt",
"partition": "Sample_cert_06",
"subPath": "TEST_Service_Https_MultiAddr_Local",
"fullPath": "/Sample_cert_06/TEST_Service_Https_MultiAddr_Local/tlsclient_local_cert.crt",
"expirationDate": 1519588224,
"expirationString": "Feb 25 19:50:24 2018 GMT",
"issuer": "CN=sample.example.net,O=f5_Networks,L=Seattle,ST=Washington,C=US",
"subject": "CN=sample.example.net,O=f5_Networks,L=Seattle,ST=Washington,C=US"
},
"key": "/Sample_cert_06/TEST_Service_Https_MultiAddr_Local/tlsclient_local_cert.key",
"chain": {
"name": "tlsclient_local_cert-bundle.crt",
"partition": "Sample_cert_06",
"subPath": "TEST_Service_Https_MultiAddr_Local",
"fullPath": "/Sample_cert_06/TEST_Service_Https_MultiAddr_Local/tlsclient_local_cert-bundle.crt",
"expirationDate": 1522351285,
"expirationString": "Mar 29 19:21:25 2018 GMT",
"issuer": "emailAddress=somebody@somewhere.org,CN=test_CA_bundle,OU=Test,O=F5,L=Seattle,ST=Washington,C=US",
"subject": "emailAddress=somebody@somewhere.org,CN=test_CA_bundle,OU=Test,O=F5,L=Seattle,ST=Washington,C=US"
}
}
]
}
]
Leslie_Hubertus
Community Manager
Hi @xuwen - this is great! FYI - I cleared some of the extra spaces that snuck in when you used the text editor, but I didn't change any of the actual content. Just tried to make it easier to read without lots of extra page breaks. 🙂
