CirrostratusI have a certificate i need to change out. There are quite a number of VIPs with different SSL Profiles but have the same SSL certificate.
I would like to find a set of appropiate commands.
What is the best way is to find all of the SSL Profiles that has that certerificate . Then match those SSL Profiles to VIPs.
Hi Brandon,
Create a bash script and run it.
#!/bin/bash
# Search /config and sub directories (partitions) for bigip.conf files
LIST=`find /config -name bigip.conf | xargs awk '$2 == "virtual" {print $3}' 2> /dev/null | sort -u`
echo "Virtual: Profile: Certificate: Ciphers:"
echo "__________________________________________________________"
for VAL in ${LIST}
do
PROF=`tmsh show /ltm virtual ${VAL} profiles 2> /dev/null | grep -B 1 " Ltm::ClientSSL Profile:" | cut -d: -f4 | grep -i "[a-z]" | sed s'/ //'g| sort -u`
test -n "${PROF}" 2>&- && {
VIRTS=`expr $VIRTS + 1`
for PCRT in ${PROF}
do
CERT=`tmsh list /ltm profile client-ssl ${PCRT} | awk '$1 == "cert" {print $2}' 2> /dev/null | sort -u`
test -n "${CERT}" 2>&- && {
CIPHERS=`tmsh list /ltm profile client-ssl ${PCRT} ciphers | grep ciphers | awk '{print $2}'`
echo "${VAL} ${PCRT} ${CERT} ${CIPHERS}"
}
done
}
done
echo "Virtual server count: ${VIRTS}"Impact of procedure: For BIG-IP systems configured with many virtual servers, F5 recommends running this script during low volume times, or on the standby BIG-IP device when applicable.