jwlarger
Jan 25, 2021

How to list all SAN entries by cert file and/or count them

We need to search for a cert file that we were told had these attributes - somename (obviously not the real name, but it was wrong), a specific expiration date (there weren't ANY certs expiring that day), and quite specifically 98 SAN DNS entries. So, it's two strikes - anyone think they can get us on base, either by listing or - preferably - counting, so we can do a search across the F5 fleet?

 

As an aside, I usually see F5 use 'F5 estate' but I think 'F5 fleet' is cooler.

2 Replies

  • Hi

     

    One way you could do this from BASH is to run something like this from the Cert directory (/config/filestore/files_d/Common_d/certificate_d) to output the info

     

    for f in *; do echo "${f}"; openssl x509 -in "${f}" -noout -text | awk '/DNS:/' | tr -d ' ' | sed 's/,/\n/g' | wc -l; done;

     

    This will iterate through all of the files in the directory and will output the name of the file and the number of SAN entries like this

     

    :Common:f5-ca-bundle.crt_28992_1
    0
    :Common:f5-ca-bundle.crt_29282_1
    0
    :Common:f5-irule.crt_28990_1
    0
    :Common:f5-irule.crt_29280_1
    0
    :Common:www.iainweb.local_62930_1
    4
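
Added example, not part of the reply above: a variant of the same openssl approach that reports only the files whose SAN extension holds an exact number of DNS entries, which is the search the question asks for. The function names, the sample host names and the generated test certificates are assumptions made for illustration.

```bash
# Added example: search a certificate directory for files whose SAN
# extension holds an exact number of DNS entries (98 in the question above).

# Print the SAN DNS-entry count of the first certificate in a file.
# Returns 1 (printing nothing) when openssl cannot parse the file.
san_dns_count() {
    local text
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 1
    # Look only at the line after the SAN header, so DNS: tokens printed by
    # other extensions (e.g. Name Constraints) are not counted.
    # grep -o emits one line per DNS: token; wc -l then counts them.
    printf '%s\n' "$text" \
        | grep -A1 'X509v3 Subject Alternative Name' \
        | grep -o 'DNS:' | wc -l | tr -d ' '
}

# Print "count<TAB>path" for every file in directory $1 with exactly $2 entries.
find_by_san_count() {
    local dir=$1 want=$2 f n
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        n=$(san_dns_count "$f") || continue    # skip non-certificate files
        if [ "$n" -eq "$want" ]; then printf '%s\t%s\n' "$n" "$f"; fi
    done
    return 0
}

# Constructed sample input: a throwaway self-signed certificate with $2 SAN
# DNS names (hypothetical host names; needs OpenSSL 1.1.1+ for -addext).
make_sample_cert() {
    local out=$1 count=$2 i san=""
    for i in $(seq 1 "$count"); do san="${san:+$san,}DNS:host$i.example.test"; done
    openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null -days 1 \
        -subj "/CN=constructed-sample" -addext "subjectAltName=$san" \
        -out "$out" 2>/dev/null
}

# Demo on constructed files. On a BIG-IP the call would be:
#   find_by_san_count /config/filestore/files_d/Common_d/certificate_d 98
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_sample_cert "$demo_dir/many.crt" 98
make_sample_cert "$demo_dir/few.crt" 4
echo "not a certificate" > "$demo_dir/junk.txt"
find_by_san_count "$demo_dir" 98
```

Like the one-liner above, this inspects only the first certificate in each file, so a bundle is reported by its first entry.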