Identify and cleanse expired and soon to expire certs from BIG-IP
Problem this snippet solves:
- Identify Expired and Soon to Expire Certs (including their use on a virtual, client-ssl profile)
- If desired, script can delete client-ssl profile, cert/key for expired certs
- Script can be run with argument of --days to indicate how many days prior to expiration you consider soon to expire
- --reportonly argument will never prompt to delete configuration objects
How to use this snippet:
usage: f5_old_cert_key_profile_cleanup.py [-h] --bigip BIGIP --user USER [--days DAYS] [--reportonly]
A tool to identify expiring and soon to expire certs and related config detritus and assist user with pruning it from configuration
optional arguments: -h, --help show this help message and exit --bigip BIGIP IP or hostname of BIG-IP Management or Self IP --user USER username to use for authentication --days DAYS number of days before expiration to consider cert as expiring soon --reportonly produce report only; do not prompt for configuration object deletion
Code :
https://github.com/cjenison/f5_old_cert_key_profile_cleanup
Tested this on version:
11.5Published Jul 29, 2018
Version 1.0