Quick and dirty shell script to find unused certificates

Problem this snippet solves: This has been edited quite a bit since I first posted so it's probably not as quick and dirty as it was before. This in response to a question regarding removing unused...

Published May 16, 2019

Version 1.0

application delivery

bash

TMOS

Was this article helpful?

Jason_Adams

Employee

May 16, 2019

About the non-default partitions, you could use the following:

#!/bin/sh
 
tmsh list sys file ssl-cert |  awk '/crt/ {print $4}' | sed '/^[[:space:]]*$/d' > /var/tmp/installedCerts.tmp
 
while read cert; do
  isUsed=$(find /config/ -xdev -type f -name bigip.conf -exec grep $cert {} +)
  if [ -z "$isUsed" ];then
      echo "$cert is not used"
  fi
done </var/tmp/installedCerts.tmp
 
rm /var/tmp/installedCerts.tmp