How to list all SAN entries by cert file and/or count them

jwlarger
Cirrus

We need to search for a cert file that we were told had these attributes - somename (obviously not the real name, but it was wrong), a specific expiration date (there weren't ANY certs expiring that day), and quite specifically 98 SAN DNS entries. So, it's two strikes - anyone think they can get us on base, either by listing or - preferably - counting, so we do a search across the F5 fleet?

As an aside, I usually see F5 use 'F5 estate' but I think 'F5 fleet' is cooler.

2 REPLIES

iaine
MVP

Hi

One way you could do this from BASH is to run something like this from the Cert directory (/config/filestore/files_d/Common_d/certificate_d) to output the info

for f in *; do echo "${f}"; openssl x509 -in "${f}" -noout -text | awk '/DNS:/' | tr -d ' ' | sed 's/,/\n/g' | wc -l; done

This will iterate through all of the files in the directory and will output the name of the file and the number of SAN entries like this

:Common:f5-ca-bundle.crt_28992_1
0
:Common:f5-ca-bundle.crt_29282_1
0
:Common:f5-irule.crt_28990_1
0
:Common:f5-irule.crt_29280_1
0
:Common:www.iainweb.local_62930_1
4

 
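A stricter count that looks only at DNS names inside the Subject Alternative Name extension and filters for a target number such as the 98 in the question; this is an added example, not code from the thread. The one-liner above counts every comma-separated item on any line containing DNS:, so IP Address or email SAN entries and Name Constraints lines end up in its totals. The function names and the sample text are made up for this example.

```shell
#!/bin/sh
# Added example: count only DNS names inside the Subject Alternative Name
# extension, reading `openssl x509 -noout -text` output on stdin.
count_san_dns() {
  awk '
    /X509v3 Subject Alternative Name/ { in_san = 1; next }
    in_san {
      # openssl prints the SAN values comma-separated on the line after the header
      n = split($0, parts, ",")
      for (i = 1; i <= n; i++) {
        gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
        if (parts[i] ~ /^DNS:/) count++   # skips IP Address:, email:, URI: entries
      }
      in_san = 0
    }
    END { print count + 0 }
  '
}

# List files in DIR whose first certificate has exactly WANT SAN DNS names.
# The subshell body keeps the loop variables out of the calling shell.
find_certs_by_san_count() (
  dir=$1; want=$2
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    n=$(openssl x509 -in "$f" -noout -text 2>/dev/null | count_san_dns)
    if [ "$n" -eq "$want" ]; then printf '%s\t%s\n' "$n" "$f"; fi
  done
)

# Constructed sample of openssl text output (not taken from a real certificate).
SAMPLE_TEXT='            X509v3 Name Constraints: critical
                Permitted:
                  DNS:.example.test
            X509v3 Subject Alternative Name:
                DNS:a.example.test, IP Address:192.0.2.10, DNS:b.example.test, email:ops@example.test
    Signature Algorithm: sha256WithRSAEncryption'

printf '%s\n' "$SAMPLE_TEXT" | count_san_dns

# On the BIG-IP, using the directory and count from the thread:
# find_certs_by_san_count /config/filestore/files_d/Common_d/certificate_d 98
```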

jwlarger
Cirrus

Outstanding! Thanks again.