How to find the unused SSL certificates?
I would like to know how to find the unused SSL certificates in the device. I know verifying if the certificate is mapped to SSL profile or not ( through GUI) is one way . But this option is difficult or time consuming when we have many certificates. So can someone help if there is any easy way to find this?
Expiring SSL certificate alerts
I want to send out a mail from F5 when a certificate is about to expire. so far i have done this. Configured mail. did a test mail with the below code. echo "ssmtp test mail" | mail -vs "Test email for SOL15288" user@mydomain.com Below code in "/config/user_alert.conf" alert CERTIFICATE_EXPIRED "Certificate (.*) expired" { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.300"; email toaddress="user@mydomain.com" body="Certificate Expired on " } alert CERTIFICATE_WILL_EXPIRE "Certificate (.*) will expire" { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.301"; email toaddress="user@mydomain.com" body="Certificate will Expire on " } and then i run "run sys crypto check-cert" from tmsh. Still i dont get any alert mails
chaining with other WAF
Hi, For migration to F5 devices purpose, we will chain F5 with the current WAF. Then remove current one after validating the ASM policies. We'll put the F5 in transparent mode for learning the traffic and build the policies. The flow will go to current WAF and then to endpoint (see pict below). We will import the SSL certificates/keys of apps from current WAF to F5. Question: how can we configure the client and server SSL profiles and avoid disturbing the apps during this chaining period? Current WAF should also keep the certificates/keys. Client SSL profile with imported cert/key ? Server SSL profile with imported cert/key ? default profile ? Thanks for your help.
