20-Sep-2016 12:54
All,
I'm trying to see if there is a fast way to pull a report of all SSL certificates and their expiration dates on my Big IP device.
I used the tmsh command cd /; run /sys crypto check-cert, but that only pulls expired certificates.
Is there a better way than manually going through the GUI?
Thanks.
20-Sep-2016 15:50 - last edited on 05-Jun-2023 15:49 by JimmyPackets
(tmos.ltm) list profile client-ssl cert-key-chain
(tmos) list sys crypto cert
One or both may serve your requirement. Note: 1st command is executed from ltm module.
20-Sep-2016 18:17
We pulled all the cert information from the REST API, has all the information there.
21-Sep-2016 12:15
Wondering if anyone else has any suggestions on this? From what I've been able to find I can only pull the certificates on the Common partition.
21-Sep-2016 21:51 - last edited on 05-Jun-2023 15:48 by JimmyPackets
In tmsh, if you cd / and add recursive it will look through all partitions,
cd /; list sys crypto recursive cert | grep '^sys\|expiration'
cheers
20-Oct-2017 13:27
the url does not go anywhere
24-May-2018 15:27 - last edited on 02-Jun-2023 09:20 by JimmyPackets
Python example:
!/usr/bin/env python3 import pytz from dateutil.parser import parse from f5.bigip import ManagementRoot mgmt = ManagementRoot('hostname', 'username', 'password') tz = pytz.timezone('America/Chicago') for cert in mgmt.tm.sys.file.ssl_certs.get_collection(): expiration = parse(cert.expirationString) print("Certificate '{}' expires {}".format( cert.fullPath, expiration.astimezone(tz), ))
28-Apr-2020 18:59
Try this
tmsh list sys crypto recursive cert | grep '^sys\|expiration' >> <filename>
13-Aug-2021 12:51
Along with this list can we filter which SSL Profile / VIP it is using ?
