Certificate status on F5

Question

Im using this command tmsh list sys file ssl-cert expiration-string to check the certification status on the BIG-IP 12.1.0 &nbsp;
Is there a way by which we can reduce the output so that it only shows the certificates expiring in next month or for a defined period of time ?&nbsp;

bigd_300005 · Answer

You could use the GUI if the CLI outputs to much info.&nbsp;
System &gt; File Management &gt; SSL Certificate List. Then sort by Expiration date.&nbsp;

rishabh_wangu_3 · Answer

Im actually looking to do it from CLI, &nbsp;
From CLI i want to automate this command for every month and then automate a report which shows the certificates expiring next month. &nbsp;

jad_tabbara__j1 · Answer

Hello Rishabh,
You can use the "check-cert" command. It "examines the expiration date of each certificate stored on the BIG-IP system, including CA bundles. By default, the check-cert command checks for SSL certificates that have expired or will expire within 30 days."
Check this article:
https://support.f5.com/csp/article/K14318
So you can run the following command that gives you expired certificates PLUS certificate expiring in 30 days. If you want to limit it to certificate that will expire in 30 days you can use a simple grep. Like that : 
tmsh run /sys crypto check-cert | grep "expire "
PLease give me a feedback 
Regards

Forum Discussion

Certificate status on F5

3 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Re: Management Certificate

Check a Virtual Server's SSL Status

Automate Let's Encrypt Certificates on BIG-IP

Automating ACMEv2 Certificate Management on BIG-IP

check status of the ssl certificate on f5 using rest api