PowerShell - Get a list of VIPs and SSL profiles (client and server)

Problem this snippet solves:

Having had numerous occasions where I needed to figure out where a particular SSL profile was assigned and seeing a few similar questions here on DC, I decided to make use of PowerShell and iControlRest to get that data for me. This script allows you to grab all the VIPs on the box and list the SSL profiles (both client and server) associated with them.

How to use this snippet:

Prerequisites:

  • You will need to be on BIG-IP v11.4 or newer, as that's when iControlRest was introduced.
  • You will also need a Windows machine and PowerShell v3 or newer (v4 or v5).

Paste this code into your PowerShell console and then run it with at least the hostname (or IP) of your BIG-IP, and it will prompt you for credentials and return the list of VIPs and SSL profiles.

Note: If you use an IP address, you should really include the

-IgnoreCertErrors
flag as well, since it won't work by default without a valid cert

Examples:

  • Get-F5VipsAndSslProfiles mybigip.example.com;
  • Get-F5VipsAndSslProfiles 10.10.10.10 -IgnoreCertErrors;
  • Get-F5VipsAndSslProfiles -f5HostIp mybigip.example.com;
  • Get-F5VipsAndSslProfiles -f5HostIp 10.10.10.10 -IgnoreCertErrors;
  • $cred = (Get-Credentials); Get-F5VipsAndSslProfiles -f5HostIp 10.10.10.10 -f5Cred $cred -IgnoreCertErrors;

Code :

function Get-F5VipsAndSslProfiles($f5HostIp, $f5Cred, [switch]$IgnoreCertErrors = $false) {
    $f5Host = "https://$f5HostIp/mgmt/tm";
 
    if ($IgnoreCertErrors) {
        Add-Type @"
            using System.Net;
            using System.Security.Cryptography.X509Certificates;
            public class TrustAllCertsPolicy : ICertificatePolicy {
                public bool CheckValidationResult(
                    ServicePoint srvPoint, X509Certificate certificate,
                    WebRequest request, int certificateProblem) {
                    return true;
                }
            }
"@;
        [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy;
    }
 
    $sslProfilesClient = $(Invoke-RESTMethod -Method GET -Uri "$($f5Host)/ltm/profile/client-ssl?`$select=name,partition,fullPath" -Credential $f5Cred).items | Select-Object -ExpandProperty FullPath;
    $sslProfilesServer = $(Invoke-RESTMethod -Method GET -Uri "$($f5Host)/ltm/profile/server-ssl?`$select=name,partition,fullPath" -Credential $f5Cred).items | Select-Object -ExpandProperty FullPath;
    $virtualServers    = $(Invoke-RESTMethod -Method GET -Uri "$($f5Host)/ltm/virtual?expandSubcollections=true&`$select=name,partitioclsn,fullPath,profilesReference" -Credential $f5Cred);
 
    $virtualServers.items | Select-Object Name, FullPath, `
                                    @{Name="ClientSslProfiles"; Expression={($_.profilesReference.items | ?{ $sslProfilesClient -contains $_.fullPath -and $_.context -eq "clientside" }) | Select -ExpandProperty fullPath }}, `
                                    @{Name="ServerSslProfiles"; Expression={($_.profilesReference.items | ?{ $sslProfilesServer -contains $_.fullPath -and $_.context -eq "serverside" }) | Select -ExpandProperty fullPath }};
}

Tested this on version:

11.5
Updated Jun 06, 2023
Version 2.0

Was this article helpful?

2 Comments

  • Nice Code! Quick question - How I can expand the columns size? I am getting ".../" at the end of each virtual server name. Thank You UPDATE: $virtualServers.items | Select-Object Name, FullPath, ` @{Name="ClientSslProfiles"; Expression={($_.profilesReference.items | ?{ $sslProfilesClient -contains $_.fullPath -and $_.context -eq "clientside" }) | Select -ExpandProperty fullPath }}, ` @{Name="ServerSslProfiles"; Expression={($_.profilesReference.items | ?{ $sslProfilesServer -contains $_.fullPath -and $_.context -eq "serverside" }) | Select -ExpandProperty fullPath }} | ` export-csv "\\localhost\test\Groups_Members.csv" -NoTypeInformation -Delimiter ';'; This will export it to a CSV file Thanks!!!!!!!!!! J
  • You could do a few different things: 1. Pipe the result to CSV/TAB and paste it into Excel. You can add the following line instead of the Format-Table one: Add ' | ConvertTo-Csv -NoTypeInformation -Delimiter "`t" | clip.exe'. (clip.exe will copy the output to the clipboard) 2. Pipe the result to "Out-Gridview" to see all the data (I forget what version of PowerShell you need for Out-Gridview. I think it's 4 or 5). 3. Save the output to a csv file and then open the file. Something like : '| ConvertTo-Csv -NoTypeInformation | out-file "c:\temp\file.csv"; Invoke-Item "c:\temp\file.csv";' Hope this helps. It's annoying that Format-Table cuts off data, but these are the ways I get around that. Personnally, I use Out-Gridview most of the time and then copy and paste from there (though it doesn't copy the column headers).