There are many times where being able to determine which SSL files on the BIG-IP are or are not being used would be very beneficial (especially when trying to do some spring cleaning or old configurations).
So this script aims to provide a simple way to use PowerShell and iControlRest to determine which SSL (cert and key) files are or are not being used in any SSL profiles (client or server).
How to use this snippet:
You will need to be on BIG-IP v11.4 or newer, as that's when iControlRest was introduced.
You will also need a Windows machine and PowerShell v3 or newer (v4 or v5).
Paste this code into your PowerShell console and then run it with at least the hostname (or IP) of your BIG-IP, and it will prompt you for credentials and return the list of used and unused ssl cert and key files.
Note: If you use an IP address, you should really include the -IgnoreCertErrors flag as well, since it won't work by default without a valid cert.