- JGCumulonimbus
The following bash script will show which SSL certificate in the /Common partition contains a sha1 Signature Algorithm:
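```bash
# Print each certificate path, followed by any Signature Algorithm line mentioning sha1.
for i in /config/filestore/files_d/Common_d/certificate_d/*; do
    echo "$i:"
    openssl x509 -text -noout -in "$i" | grep 'Signature Algorithm' | grep sha1
done
```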
- JGCumulonimbus
Well, you can do this with iControlREST.
Create a bash script named, say, "check_insecure_sig_algo.sh", with the following code:
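```bash
#!/bin/sh
# Print the path of every certificate in /Common whose signature algorithm starts with sha1.
for i in /config/filestore/files_d/Common_d/certificate_d/*; do
    if openssl x509 -text -noout -in "$i" | /bin/grep 'Signature Algorithm: sha1' > /dev/null 2>&1
    then
        echo "$i"
    fi
done
```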
and then run the following remotely:
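```bash
#!/bin/sh
# Run the on-box script through the iControl REST bash utility.
# Note: -k skips TLS certificate verification of the management interface.
OUTPUT="$(curl -k -s -u admin:admin -H "Content-Type: application/json" \
    -X POST https://mgmt_IP_address/mgmt/tm/util/bash \
    -d "{\"command\":\"run\",\"utilCmdArgs\":\"-c '/path/to/check_insecure_sig_algo.sh'\"}" \
    | jq '.commandResult')"
# Strip the surrounding double quotes from the JSON string returned by jq.
insecure_certs="${OUTPUT%\"}"
insecure_certs="${insecure_certs#\"}"
echo "$insecure_certs"
```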
to get a list of the certs with sha1 signature algorithm. You need to download and install jq, though.
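
An added example, not part of either post above: the same audit written so that it also catches SHA-1 signatures on non-RSA certificates (OpenSSL prints those as `ecdsa-with-SHA1` or `dsaWithSHA1`, which a match on `Signature Algorithm: sha1` misses) and MD5 signatures, and so that files that are not parseable certificates are skipped. The function names are hypothetical; the directory is passed as an argument.

```bash
#!/bin/bash
# Added example (not from the original posts): report certificates whose
# signature uses a SHA-1 or MD5 digest, whatever the key type.

# Print the signature algorithm name from `openssl x509 -text` output on
# stdin. The name is printed once in the certificate body and once before
# the signature value; the first occurrence is enough.
sigalg_from_text() {
    sed -n 's/^[[:space:]]*Signature Algorithm:[[:space:]]*//p' | head -n 1
}

# Return 0 when the algorithm name uses SHA-1 or MD5, compared without case.
# Matches sha1WithRSAEncryption, ecdsa-with-SHA1, dsaWithSHA1, md5WithRSAEncryption.
is_weak_sigalg() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        *sha1*|*md5*) return 0 ;;
        *) return 1 ;;
    esac
}

# Scan every file in a directory; print "path<TAB>algorithm" for weak ones.
scan_cert_dir() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Files that openssl cannot parse as a certificate are skipped quietly.
        text=$(openssl x509 -text -noout -in "$f" 2>/dev/null) || continue
        alg=$(printf '%s\n' "$text" | sigalg_from_text)
        if is_weak_sigalg "$alg"; then
            printf '%s\t%s\n' "$f" "$alg"
        fi
    done
}

# Run only when a directory is given, e.g. the certificate_d path used above.
if [ "$#" -ge 1 ]; then
    scan_cert_dir "$1"
fi
```

Because the output is one tab-separated line per certificate, it can be returned through the same `/mgmt/tm/util/bash` call shown above.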