A simple shell script that compares the moduli of the certs and keys on the BIG-IP system and reports whether they match.
How to use this snippet:
Setup and Usage
Copy and paste this script into the /var/tmp directory on your LTM, GTM, ASM, LC, or EM, then execute it. If the moduli of the key and the cert are different, the script will output two lines for that key/cert pair. If the moduli are the same, the script will output one line. Note that certificate bundles do not have keys: when the script encounters a certificate bundle, it will generate an error message that a file cannot be found.
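# Script to loop through all of the certificates in /config/ssl/ssl.crt and verify that the moduli of the corresponding keys are the same
# work from /config/ssl so the relative ssl.crt/ and ssl.key/ paths resolve
cd /config/ssl || exit 1
for x in ssl.crt/*.crt; do
echo -n "$x"
# remove the file type .crt
y=${x%.crt}
# remove the front part of the path
z=${y##*/}
echo " $z"
# identical digests collapse to one line under uniq; differing digests leave two
( openssl rsa -noout -in "ssl.key/$z.key" -modulus | md5sum ; openssl x509 -noout -in "ssl.crt/$z.crt" -modulus | md5sum ) | uniq
done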
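
A variant of the check above, added here as an example and not part of the original snippet: it compares the public key in each certificate with the one derived from its private key, so it also covers non-RSA keys, and it reports a certificate bundle as NO_KEY instead of raising a file-not-found error. The function names and status words are illustrative, and `openssl pkey` is assumed to be available (OpenSSL 1.0.0 or later).

```bash
#!/bin/bash
# Added example, not the original snippet. Assumes OpenSSL 1.0.0+ ("openssl pkey")
# and the ssl.crt/ + ssl.key/ directory layout used by the script above.

# pair_status CERT KEY -> prints MATCH, MISMATCH, NO_KEY or UNREADABLE
pair_status() {
    cert=$1
    key=$2
    # Certificate bundles have no key file: report that instead of erroring.
    [ -f "$key" ] || { echo NO_KEY; return 0; }
    # Public key embedded in the certificate (RSA or EC).
    cert_pub=$(openssl x509 -noout -pubkey -in "$cert" 2>/dev/null) || cert_pub=
    # Public key derived from the private key. The empty passphrase stops an
    # encrypted key from blocking on a prompt; it is reported as UNREADABLE.
    key_pub=$(openssl pkey -pubout -passin pass: -in "$key" 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ -z "$key_pub" ]; then
        echo UNREADABLE
    elif [ "$cert_pub" = "$key_pub" ]; then
        echo MATCH
    else
        echo MISMATCH
    fi
}

# check_ssl_dir DIR -> prints one "STATUS name" line per certificate and
# returns 1 if any pair is MISMATCH or UNREADABLE, otherwise 0.
check_ssl_dir() {
    dir=$1
    rc=0
    for crt in "$dir"/ssl.crt/*.crt; do
        [ -e "$crt" ] || continue            # directory holds no certificates
        name=${crt##*/}                      # remove the front part of the path
        name=${name%.crt}                    # remove the file type .crt
        status=$(pair_status "$crt" "$dir/ssl.key/$name.key")
        echo "$status $name"
        case $status in MISMATCH|UNREADABLE) rc=1 ;; esac
    done
    return $rc
}

# Usage on the system described above: check_ssl_dir /config/ssl
```

The non-zero return from `check_ssl_dir` makes the check usable from cron or a monitoring job without parsing its output.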