Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Certificate status on F5

Im using this command tmsh list sys file ssl-cert expiration-string to check the certification status on the BIG-IP 12.1.0

Is there a way by which we can reduce the output so that it only shows the certificates expiring in next month or for a defined period of time ?

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

You could use the GUI if the CLI outputs to much info.

System > File Management > SSL Certificate List. Then sort by Expiration date.

0
Comments on this Answer
Comment made 17-Jan-2018 by Rishabh Wangu 1

Im actually looking to do it from CLI,

From CLI i want to automate this command for every month and then automate a report which shows the certificates expiring next month.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hello Rishabh,

You can use the "check-cert" command. It "examines the expiration date of each certificate stored on the BIG-IP system, including CA bundles. By default, the check-cert command checks for SSL certificates that have expired or will expire within 30 days."

Check this article:

https://support.f5.com/csp/article/K14318

So you can run the following command that gives you expired certificates PLUS certificate expiring in 30 days. If you want to limit it to certificate that will expire in 30 days you can use a simple grep. Like that :

tmsh run /sys crypto check-cert | grep "expire "

PLease give me a feedback

Regards

0