Help
CodeShare
Have some code. Share some code.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

PowerShell - Get a list of VIPs and SSL profiles (client and server)

Michael_Jenkins
Cirrostratus
Cirrostratus

on ‎14-Jan-2016 18:30

Problem this snippet solves:

Having had numerous occasions where I needed to figure out where a particular SSL profile was assigned and seeing a few similar questions here on DC, I decided to make use of PowerShell and iControlRest to get that data for me. This script allows you to grab all the VIPs on the box and list the SSL profiles (both client and server) associated with them.

How to use this snippet:

Prerequisites:

  • You will need to be on BIG-IP v11.4 or newer, as that's when iControlRest was introduced.
  • You will also need a Windows machine and PowerShell v3 or newer (v4 or v5).

Paste this code into your PowerShell console and then run it with at least the hostname (or IP) of your BIG-IP, and it will prompt you for credentials and return the list of VIPs and SSL profiles.

Note: If you use an IP address, you should really include the -IgnoreCertErrors flag as well, since it won't work by default without a valid cert

Examples:

  • Get-F5VipsAndSslProfiles mybigip.example.com;
  • Get-F5VipsAndSslProfiles 10.10.10.10 -IgnoreCertErrors;
  • Get-F5VipsAndSslProfiles -f5HostIp mybigip.example.com;
  • Get-F5VipsAndSslProfiles -f5HostIp 10.10.10.10 -IgnoreCertErrors;
  • $cred = (Get-Credentials); Get-F5VipsAndSslProfiles -f5HostIp 10.10.10.10 -f5Cred $cred -IgnoreCertErrors;

Code :

function Get-F5VipsAndSslProfiles($f5HostIp, $f5Cred, [switch]$IgnoreCertErrors = $false) {
    $f5Host = "https://$f5HostIp/mgmt/tm";
 
    if ($IgnoreCertErrors) {
        Add-Type @"
            using System.Net;
            using System.Security.Cryptography.X509Certificates;
            public class TrustAllCertsPolicy : ICertificatePolicy {
                public bool CheckValidationResult(
                    ServicePoint srvPoint, X509Certificate certificate,
                    WebRequest request, int certificateProblem) {
                    return true;
                }
            }
"@;
        [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy;
    }
 
    $sslProfilesClient = $(Invoke-RESTMethod -Method GET -Uri "$($f5Host)/ltm/profile/client-ssl?`$select=name,partition,fullPath" -Credential $f5Cred).items | Select-Object -ExpandProperty FullPath;
    $sslProfilesServer = $(Invoke-RESTMethod -Method GET -Uri "$($f5Host)/ltm/profile/server-ssl?`$select=name,partition,fullPath" -Credential $f5Cred).items | Select-Object -ExpandProperty FullPath;
    $virtualServers    = $(Invoke-RESTMethod -Method GET -Uri "$($f5Host)/ltm/virtual?expandSubcollections=true&`$select=name,partitioclsn,fullPath,profilesReference" -Credential $f5Cred);
 
    $virtualServers.items | Select-Object Name, FullPath, `
                                    @{Name="ClientSslProfiles"; Expression={($_.profilesReference.items | ?{ $sslProfilesClient -contains $_.fullPath -and $_.context -eq "clientside" }) | Select -ExpandProperty fullPath }}, `
                                    @{Name="ServerSslProfiles"; Expression={($_.profilesReference.items | ?{ $sslProfilesServer -contains $_.fullPath -and $_.context -eq "serverside" }) | Select -ExpandProperty fullPath }};
}

Tested this on version:

11.5
Labels:
0 Kudos
Comments
Julio_Navarro
Cirrostratus
Cirrostratus
‎16-Feb-2016 07:32
Nice Code! Quick question - How I can expand the columns size? I am getting ".../" at the end of each virtual server name. Thank You UPDATE: $virtualServers.items | Select-Object Name, FullPath, ` @{Name="ClientSslProfiles"; Expression={($_.profilesReference.items | ?{ $sslProfilesClient -contains $_.fullPath -and $_.context -eq "clientside" }) | Select -ExpandProperty fullPath }}, ` @{Name="ServerSslProfiles"; Expression={($_.profilesReference.items | ?{ $sslProfilesServer -contains $_.fullPath -and $_.context -eq "serverside" }) | Select -ExpandProperty fullPath }} | ` export-csv "\\localhost\test\Groups_Members.csv" -NoTypeInformation -Delimiter ';'; This will export it to a CSV file Thanks!!!!!!!!!! J
0 Kudos
Michael_Jenkins
Cirrostratus
Cirrostratus
‎16-Feb-2016 07:53
You could do a few different things: 1. Pipe the result to CSV/TAB and paste it into Excel. You can add the following line instead of the Format-Table one: Add ' | ConvertTo-Csv -NoTypeInformation -Delimiter "`t" | clip.exe'. (clip.exe will copy the output to the clipboard) 2. Pipe the result to "Out-Gridview" to see all the data (I forget what version of PowerShell you need for Out-Gridview. I think it's 4 or 5). 3. Save the output to a csv file and then open the file. Something like : '| ConvertTo-Csv -NoTypeInformation | out-file "c:\temp\file.csv"; Invoke-Item "c:\temp\file.csv";' Hope this helps. It's annoying that Format-Table cuts off data, but these are the ways I get around that. Personnally, I use Out-Gridview most of the time and then copy and paste from there (though it doesn't copy the column headers).
0 Kudos
Version history
Last update:
‎14-Jan-2016 18:30
Updated by:
Cirrostratus
Contributors
Copyright © 2023 Khoros, LLC