CirrostratusAll,
I'm trying to see if there is a fast way to pull a report of all SSL certificates and their expiration dates on my Big IP device.
I used the tmsh command cd /; run /sys crypto check-cert, but that only pulls expired certificates.
Is there a better way than manually going through the GUI?
Thanks.
Cirrus(tmos.ltm) list profile client-ssl cert-key-chain(tmos) list sys crypto certOne or both may serve your requirement. Note: 1st command is executed from ltm module.
CirrusWe pulled all the cert information from the REST API, has all the information there.
CirrostratusWondering if anyone else has any suggestions on this? From what I've been able to find I can only pull the certificates on the Common partition.
NimbostratusIn tmsh, if you cd / and add recursive it will look through all partitions,
cd /; list sys crypto recursive cert | grep '^sys\|expiration'cheers
Cirrusthe url does not go anywhere
NimbostratusPython example:
!/usr/bin/env python3
import pytz
from dateutil.parser import parse
from f5.bigip import ManagementRoot
mgmt = ManagementRoot('hostname', 'username', 'password')
tz = pytz.timezone('America/Chicago')
for cert in mgmt.tm.sys.file.ssl_certs.get_collection():
expiration = parse(cert.expirationString)
print("Certificate '{}' expires {}".format(
cert.fullPath,
expiration.astimezone(tz),
))
NimbostratusTry this
tmsh list sys crypto recursive cert | grep '^sys\|expiration' >> <filename>
CirrostratusAlong with this list can we filter which SSL Profile / VIP it is using ?
tmsh list sys crypto recursive cert | grep '^sys\|expiration' >> <filename>