Forum Discussion

Grayson_149410's avatar
Grayson_149410
Icon for Nimbostratus rankNimbostratus
Jun 12, 2014
Solved

List of client ssl profiles certificate chain

I am fairly new to the world of LTM. We currently in the process of cleaning up our SSL certificates. We are running into an issues where many client ssl profiles are using an incorrect Certificate Chain.

 

I was wondering if there was an command (tmsh/bash?) to pull all SSL Client Profiles that contain a certain certificate chain. If not, just an entire list would be ok and I could just export the entire list (as long as it contains what chain it is using) and find the chains in question myself. Thanks.

 

  • From tmsh, you can run 'list ltm profile client-ssl' and it'll print out each client SSL profile. You should be able to identify which profiles contain the offending chain from there.

     

4 Replies

  • From tmsh, you can run 'list ltm profile client-ssl' and it'll print out each client SSL profile. You should be able to identify which profiles contain the offending chain from there.

     

    • Cory_50405's avatar
      Cory_50405
      Icon for Noctilucent rankNoctilucent
      To expand on this answer and make filtering easier, use the one-line modifier and grep on the chain name: list ltm profile client-ssl one-line | grep chain
    • Grayson_149410's avatar
      Grayson_149410
      Icon for Nimbostratus rankNimbostratus
      Awesome that was exactly what I was looking for. What is the best way to output this to a file so I can FTP in and pick it up?
    • Cory_50405's avatar
      Cory_50405
      Icon for Noctilucent rankNoctilucent
      This will output it to a file in /var/tmp, but run this from bash: tmsh list ltm profile client-ssl one-line | grep chain > /var/tmp/clientssl.txt