Forum Discussion

access2AE_25064
Jul 19, 2016

Management / KeyCertificate - How to get Certificate Signature Algorithm

Hi,

Currently in our organization we are doing a SHA1 migration. I have been trying to get the Certificate Signature Algorithm (PKCS 1 SHA-1 With RSA Encryption) from the Management::KeyCertificate get_certificate_list method; apparently it provides only the Subject Public Key Algorithm (PKCS 1 RSA Encryption).

Is there any way I can get the Certificate Signature Algorithm as well?

 

Many thanks in advance!

 

Regards- Prabir

 

2 Replies

  • JG

    The following bash script will show which SSL certificate in the /Common partition contains a sha1 Signature Algorithm:

    for i in /config/filestore/files_d/Common_d/certificate_d/*; do
        echo "$i:"; openssl x509 -text -noout -in "$i" | grep 'Signature Algorithm' | grep sha1
    done
    


  • JG

    Well, you can do this with iControlREST.

     

    Create a bash script named, say, "check_insecure_sig_algo.sh", with the following code:

     

    #!/bin/sh
    
    # Print every certificate file in /Common whose signature algorithm uses SHA-1.
    for i in /config/filestore/files_d/Common_d/certificate_d/*; do
        if openssl x509 -text -noout -in "$i" | /bin/grep 'Signature Algorithm: sha1' > /dev/null 2>&1
        then
            echo "$i"
        fi
    done

    and then run the following remotely:

     

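    #!/bin/sh
    
    # Run the check script on the BIG-IP through the iControl REST bash utility
    # and extract the commandResult field from the JSON response.
    OUTPUT="$(curl -k -s -u admin:admin -H "Content-Type: application/json" -X POST https://mgmt_IP_address/mgmt/tm/util/bash -d "{\"command\":\"run\",\"utilCmdArgs\":\"-c '/path/to/check_insecure_sig_algo.sh'\"}" | jq '.commandResult')"
    
    # Strip the surrounding double quotes that jq leaves around the string.
    insecure_certs="${OUTPUT%\"}"
    insecure_certs="${insecure_certs#\"}"
    echo "$insecure_certs"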

    to get a list of the certs with sha1 signature algorithm. You need to download and install jq, though.
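
An added example, not from either reply: the greps in the scripts above are case-sensitive, so they miss the names OpenSSL prints for ECDSA and DSA signatures made with SHA-1 (ecdsa-with-SHA1, dsaWithSHA1), and openssl x509 decodes only the first certificate in a file that holds a bundle. The function names and the sample text below are constructed for illustration; MD5 and MD2 are included as a generalization beyond the SHA-1 case discussed in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): report weakly signed certificates.

# stdin: `openssl ... -text` output for one or more certificates.
# stdout: "<position> <signature algorithm>" once per certificate. The field
# appears twice per certificate (inner and outer); only the first is used.
list_sig_algos() {
    awk '/^ *Certificate:/ { n++; seen = 0 }
         /Signature Algorithm:/ && !seen {
             seen = 1; if (!n) n = 1
             sub(/^.*Signature Algorithm: */, ""); print n, $0 }'
}

# Succeed when the algorithm name contains a SHA-1, MD5 or MD2 hash,
# compared case-insensitively (sha1WithRSAEncryption, ecdsa-with-SHA1, ...).
is_weak_algo() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        *sha1*|*md5*|*md2*) return 0 ;;
        *) return 1 ;;
    esac
}

# stdin: openssl text output; $1: label (file name) used in the report.
report_weak() {
    list_sig_algos | while read -r pos algo; do
        if is_weak_algo "$algo"; then echo "$1: certificate $pos: $algo"; fi
    done
}

# Scan the PEM files given as arguments. crl2pkcs7 | pkcs7 -print_certs
# decodes every certificate in a file, not just the first one.
scan_files() {
    for f in "$@"; do
        openssl crl2pkcs7 -nocrl -certfile "$f" 2>/dev/null |
            openssl pkcs7 -print_certs -text -noout 2>/dev/null |
            report_weak "$f"
    done
}

# Constructed excerpt of openssl text output for a two-certificate bundle.
sample_text() {
    printf '%s\n' 'Certificate:' '        Signature Algorithm: ecdsa-with-SHA1' \
        '    Signature Algorithm: ecdsa-with-SHA1' 'Certificate:' \
        '        Signature Algorithm: sha256WithRSAEncryption' \
        '    Signature Algorithm: sha256WithRSAEncryption'
}

if [ "$#" -gt 0 ]; then scan_files "$@"; fi
```

Run it with the certificate files as arguments; each output line names the file, the position of the certificate inside it, and the algorithm found.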