
SSL-Cert

Jazz
Nimbostratus

How can I verify through a CLI command whether an SSL cert is being used or not?

1 ACCEPTED SOLUTION

Hi Jazz,

If you execute the commands in tmos, you will get this error. Can you run it in bash?


5 REPLIES 5

Hi Jazz,

Can you try the commands below to list the unused ssl certificates in the client-ssl profile?

cd /var/tmp
tmsh list ltm profile client-ssl | grep -E "            cert|            chain" | awk '{print $2}' | sort -u > a.txt
tmsh list sys file ssl-cert | grep ssl-cert | awk '{print $4}' | sort -u > b.txt
diff a.txt b.txt | grep ">" | awk '{print $2}'

 

When trying to execute the command, it gives the following error message. Your further help is required.


Syntax Error: "awk", grep is currently the only filter that is supported

Hi Jazz,

If you execute the commands in tmos, you will get this error. Can you run it in bash?

Yes. Thanks, the command is executed in bash mode. But it only provides the client and server cert details. What if we require the overall active cert summary of the box, like SAML and others? Can you please guide me in this respect as well?

tmsh list ltm profile client-ssl | grep -E "cert | chain" | awk '{print $2}' | sort -u > a.txt

tmsh list ltm profile server-ssl | grep -E "cert | chain" | awk '{print $2}' | sort -u > a.txt

The second one is not working and gives an error message

tmsh list sys file ssl-cert | grep ssl-cert | awk '{print $4}' | sortexit -u > b.txt diff a.txt b.txt | grep ">" | awk '{print $2}'

 

 

Hi Jazz,

cd /var/tmp

# Certificates bound to LTM SSL profiles (">" starts a fresh list on every run)
tmsh list ltm profile | grep -E "            cert|            chain" | awk '{print $2}' | sort -u > templist.txt

# Certificates bound in APM
tmsh list apm | grep -E "sp-certificate|sp-decryption-cert|idp-certificate" | awk '{print $2}' | sort -u >> templist.txt

# SSL certificates installed on the F5
tmsh list sys file ssl-cert | grep ssl-cert | awk '{print $4}' | sort -u > certlist.txt

cat templist.txt | sort -u > bindedlist.txt

diff bindedlist.txt certlist.txt | grep ">" | awk '{print $2}'