cancel
Showing results for 
Search instead for 
Did you mean: 

tmsh comand to list only certs by issuer

MichellePhipps
Nimbostratus
Nimbostratus

I'm trying to get a list of all self signed certificate or by issuer installed on all partitions that will expire in 30 days

 

These are the other command that I use:

tmsh list sys file ssl-cert all-properties > /shared/SSLreports/tmshssl.txt

tmsh run /sys crypto check-cert

tmsh list sys file ssl-cert expiration-string

 

 

1 ACCEPTED SOLUTION

Hello Michelle.

 

Expiration-date is a timestamp not a date.

# date -d @1638964800 Wed Dec 8 13:00:00 CET 2021

You can use 'expiration-string' instead.

# tmsh list sys file ssl-cert expiration-string

Please, don't forget to mark the answer as the best to help other people to find it.

 

Regards,

Dario.

Regards,
Dario.

View solution in original post

6 REPLIES 6

Hello Michelle.

 

You can check all partitions with a command similar to this:

tmsh -q -c "cd / ; list sys file recursive ssl-cert issuer subject expiration-date"

If you need something else, you can tune this previous command or modify the output using some BASH engineering.

 

Regards,

Dario.

Regards,
Dario.

MichellePhipps
Nimbostratus
Nimbostratus

Thanks that works great. So if I want to narrow it down to a specific issuer like for self signed CN=wmroot. I've tried common name or CN but they are not accepted.

Some bash engineering...

# tmsh -q -c "cd / ; list sys file ssl-cert recursive one-line" | grep -e "CN=localhost" | awk '{print$4}' | xargs -I {} tmsh -c "cd / ; list sys file ssl-cert {} issuer subject expiration-date"

Note: replace "CN=localhost" with your "CN=<your-cn>"

 

Regards,

Dario.

Regards,
Dario.

MichellePhipps
Nimbostratus
Nimbostratus

So when looking into the file the expiry date comes up as expiration-date 1638964800 instead of the actual date Dec 8 2021 12:00:00 GMT

Hello Michelle.

 

Expiration-date is a timestamp not a date.

# date -d @1638964800 Wed Dec 8 13:00:00 CET 2021

You can use 'expiration-string' instead.

# tmsh list sys file ssl-cert expiration-string

Please, don't forget to mark the answer as the best to help other people to find it.

 

Regards,

Dario.

Regards,
Dario.

MichellePhipps
Nimbostratus
Nimbostratus

Great!! thanks