how would I get the details off a non-common partition?
do you happen to have a virtual server which uses a clientssl profile from another partition, or a clientssl profile that uses a certificate from another partition? if yes, it will not be recognized by the one-liner script (below). this is because of how the script is built: within each partition it lists that partition's certificates, then filters that partition's clientssl profiles by certificate name, then filters that partition's virtual servers by profile name.
there are 4 folders including root.
root@(bip1a)(cfg-sync In Sync)(Active)(/)(tmos) list sys folder |grep sys
sys folder / {
sys folder Common {
sys folder asgard {
sys folder jotunheim {
each folder except root has its own certificate, clientssl profile and virtual server.
// common
root@(bip1a)(cfg-sync In Sync)(Active)(/Common)(tmos) list sys file ssl-cert cert-one.crt
sys file ssl-cert cert-one.crt {
certificate-key-size 2048
checksum SHA1:1013:76f6b8023a53f91defdb335f1df514337070c631
create-time 2017-12-28:21:18:37
created-by admin
expiration-date 1546003117
expiration-string "Dec 28 13:18:37 2018 GMT"
issuer CN=one.local,C=US
key-type rsa-public
last-update-time 2017-12-28:21:18:37
mode 33188
revision 1
serial-number 252134317
size 1013
source-path /config/ssl/ssl.crt/cert-one.crt
subject CN=one.local,C=US
updated-by admin
version 3
}
root@(bip1a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm profile client-ssl clientssl-one cert key
ltm profile client-ssl clientssl-one {
cert cert-one.crt
key cert-one.key
}
root@(bip1a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual vs-one profiles
ltm virtual vs-one {
profiles {
clientssl-one {
context clientside
}
tcp {
context all
}
}
}
// asgard
root@(bip1a)(cfg-sync In Sync)(Active)(/asgard)(tmos) list sys file ssl-cert cert-heimdall.crt
sys file ssl-cert cert-heimdall.crt {
certificate-key-size 2048
checksum SHA1:1025:e787e6f665058d1d43d4d7d780ec69014bbfbcc5
create-time 2017-12-28:21:15:19
created-by admin
expiration-date 1546002919
expiration-string "Dec 28 13:15:19 2018 GMT"
issuer CN=heimdall.local,C=US
key-type rsa-public
last-update-time 2017-12-28:21:15:19
mode 33188
partition asgard
revision 1
serial-number 252134119
size 1025
source-path /config/ssl/ssl.crt/cert-heimdall.crt
subject CN=heimdall.local,C=US
updated-by admin
version 3
}
root@(bip1a)(cfg-sync In Sync)(Active)(/asgard)(tmos) list ltm profile client-ssl clientssl-heimdall cert key
ltm profile client-ssl clientssl-heimdall {
cert cert-heimdall.crt
key cert-heimdall.key
}
root@(bip1a)(cfg-sync In Sync)(Active)(/asgard)(tmos) list ltm virtual vs-heimdall profiles
ltm virtual vs-heimdall {
profiles {
/Common/tcp {
context all
}
clientssl-heimdall {
context clientside
}
}
}
// jotunheim
root@(bip1a)(cfg-sync In Sync)(Active)(/jotunheim)(tmos) list sys file ssl-cert loki-cert.crt
sys file ssl-cert loki-cert.crt {
certificate-key-size 2048
checksum SHA1:1013:bbf5b8a4020b415690e6f87a1c6d8222d6aa4a7d
create-time 2017-12-28:21:16:09
created-by admin
expiration-date 1546002969
expiration-string "Dec 28 13:16:09 2018 GMT"
issuer CN=loki.local,C=US
key-type rsa-public
last-update-time 2017-12-28:21:16:09
mode 33188
partition jotunheim
revision 1
serial-number 252134169
size 1013
source-path /config/ssl/ssl.crt/loki-cert.crt
subject CN=loki.local,C=US
updated-by admin
version 3
}
root@(bip1a)(cfg-sync In Sync)(Active)(/jotunheim)(tmos) list ltm profile client-ssl clientssl-loki cert key
ltm profile client-ssl clientssl-loki {
cert loki-cert.crt
key loki-cert.key
}
root@(bip1a)(cfg-sync In Sync)(Active)(/jotunheim)(tmos) list ltm virtual vs-loki profiles
ltm virtual vs-loki {
profiles {
/Common/tcp {
context all
}
clientssl-loki {
context clientside
}
}
}
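but this jotunheim folder also has a special virtual server/clientssl profile which refers to a certificate in the Common folder. this virtual server/clientssl profile will not be flagged by the one-liner script below, so cert-one.crt will appear to be used only by vs-one even though vs-special also depends on it.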
root@(bip1a)(cfg-sync In Sync)(Active)(/jotunheim)(tmos) list ltm virtual vs-special profiles
ltm virtual vs-special {
profiles {
/Common/tcp {
context all
}
clientssl-special {
context clientside
}
}
}
root@(bip1a)(cfg-sync In Sync)(Active)(/jotunheim)(tmos) list ltm profile client-ssl clientssl-special cert key
ltm profile client-ssl clientssl-special {
cert /Common/cert-one.crt
key /Common/cert-one.key
}
the one-liner script
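# Certificate usage inventory for BIG-IP, run from the bash shell
# (prompt on the page: [root@bip1a:Active:In Sync] config).
#
# For each folder/partition it prints the ssl-cert files in that folder, the
# client-ssl profiles in the same folder that name each cert, and the virtual
# servers in the same folder that name each profile.
#
# Known blind spot: every lookup is scoped to one folder ("cd $p"), so a
# profile that references a cert by full path in another folder (for example
# "cert /Common/cert-one.crt" from /jotunheim), or a virtual server that uses
# a profile from another folder, is NOT reported. Do not treat a cert with no
# virtual servers listed here as unused without checking other partitions.
#
# Matching is fixed-string (grep -F) on " NAME " so that dots in a cert name
# are not regex wildcards and "example.crt" does not also match
# "www-example.crt". This assumes tmsh prints same-folder references as bare
# names, as the listings on this page show; confirm on your TMOS version.
#
# The for-in-$(...) loops rely on word splitting on purpose: each awk prints
# one whitespace-free tmsh object name per line.
for p in $(tmsh -c "cd /; list sys folder one-line" \
  | awk '{if($3~/^\//) {print $3; next} {print "/" $3}}'); do
  printf '%s\n' "===== partition: $p ====="

  for i in $(tmsh -c "cd $p; list sys file ssl-cert one-line" \
    | awk '{print $4}'); do
    printf '%s\n' "----- cert: $i -----"

    for j in $(tmsh -c "cd $p; list ltm profile client-ssl one-line" \
      | grep -F -- " $i " \
      | awk '{print $4}'); do
      printf '%s\n' "***** profile: $j *****"

      for k in $(tmsh -c "cd $p; list ltm virtual one-line" \
        | grep -F -- " $j " \
        | awk '{print $3}'); do
        printf '%s\n' "..... virtual: $k ....."
        printf '\n'
      done
    done
  done

  printf '\n'
done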
===== partition: / =====
===== partition: /Common =====
----- cert: ca-bundle.crt -----
----- cert: cert-one.crt -----
***** profile: clientssl-one *****
..... virtual: vs-one .....
----- cert: default.crt -----
***** profile: clientssl *****
***** profile: clientssl-insecure-compatible *****
***** profile: clientssl-secure *****
***** profile: crypto-server-default-clientssl *****
***** profile: wom-default-clientssl *****
----- cert: f5-irule.crt -----
===== partition: /asgard =====
----- cert: cert-heimdall.crt -----
***** profile: clientssl-heimdall *****
..... virtual: vs-heimdall .....
===== partition: /jotunheim =====
----- cert: loki-cert.crt -----
***** profile: clientssl-loki *****
..... virtual: vs-loki .....