Forum Discussion

jaikumar_f5_226's avatar
jaikumar_f5_226
Icon for Nimbostratus rankNimbostratus
May 31, 2017

Certificate Report Bash Script - Expiring within 30days

I'm using the below for now, but it aint so useful.

cat Certificate_script

rm Certificate_Report.txt
tmsh list sys crypto recursive cert | grep '^sys\|expiration\|common-name' > Certificate_Report.txt

So I thought of going with for loop condition on a new script by using the below,

delete files if already exists
rm /var/tmp/Certificate_mgmt/Certificate_validity-report.txt
rm /var/tmp/Certificate_mgmt/validity-report.txt
pushd /config/filestore/files_d/Common_d/certificate_d/
for x in *.crt_*; do
  echo -n $x
 remove the file type .crt
  y=${x%.crt_*}
  echo -e $y >> /var/tmp/Certificate_mgmt/validity-report.txt
openssl x509 -noout -in /config/filestore/files_d/Common_d/certificate_d/$y.* -dates -serial -subject >> /var/tmp/Certificate_mgmt/validity-report.txt
  echo -e "\n----------" >> /var/tmp/Certificate_mgmt/validity-report.txt
done
cat /var/tmp/Certificate_mgmt/validity-report.txt |  grep -B4 subject > /var/tmp/Certificate_mgmt/Certificate_validity-report.txt
popd

But the point is I'm just getting the required parameters, how do I manage to create a report which could get me [Cert name, Common Name, Expiry Date, Serial] expiring in 30 days.

BIG-IP
LTM
security

1 Reply

Sort By
  • Anesh's avatar
    Anesh
    Icon for Cirrostratus rankCirrostratus
    May 31, 2017

    Please consider using the iControl API, the information you require is easily available using this interface Also, Using shell scripting for a task which can be readily automated via an API already available with the device is not an optimal soltuion

     

    And if you are using Python for automation Bigsuds makes your life even more easier