Is there an easy way to view SSL cert expiration, what profile it is bound to, and what virtual server the profile is being used?

Question

I am trying to gather some info and having a hard time gathering it in a simplistic way. I am trying to view a list of SSL certs with expiration dates, which profiles they are bound to, and which virtual servers the profiles are bound to. Is there a script that will help provide this information? I am currently using BIG-IP version 11.6. Thank you

vijay_e · Answer

This doesn't directly answer your question but may be of help:
 - Cert Expiration 
 - Email Cert Expiration
A few one-liners from bash:
~  tmsh list sys file ssl-cert domain.crt | grep expiration
    expiration-date 1505951999
    expiration-string "Sep 20 23:59:59 2017 GMT"

~  tmsh list ltm profile client-ssl one-line | grep domain.crt | awk '{print $3,$4}'
    client-ssl CLIENTSSL-domain.com

~  tmsh list ltm virtual one-line | grep CLIENTSSL-domain.com | awk '{print $2,$3}'
    virtual VS-10.10.10.10-Public

~  echo | openssl s_client -connect 10.10.10.10:443 2&gt; /dev/null | openssl x509 -noout -dates
notBefore=Nov 21 00:00:00 2016 GMT
notAfter=Nov 22 23:59:59 2017 GMT

Forum Discussion

Is there an easy way to view SSL cert expiration, what profile it is bound to, and what virtual server the profile is being used?

1 Reply

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

Integrating SSL Orchestrator with Fortinet FortiGate Virtual Edition as a Virtual Wire

Expired ssl warning

Identify and cleanse expired and soon to expire certs from BIG-IP

Server Profile SNI

Cache Expire