sundogbrew
Apr 15, 2014

tmsh script to change SSL cert

I have a lot of virtuals that use the same cert which is now potentially compromised, wondering if anyone has a tmsh script to change them all at once. I can pretty easily create a file with all the names in it or have a command run to grep the names out to feed through a loop. Just wondering the command if I did that.

I have been playing with modify ltm virtual name_of_virtual, then when you get to changing the properties it seems to get a little fishy? Don't want to do these by hand. Thought about editing the bigip.conf file and doing a find replace (haven't ruled that out entirely yet), but a script that does it as a loop might be nice to have. Thanks, Joe

3 Replies

  • uni
    I feel your pain. The syntax is pretty awful when you are replacing one element of a collection. I have ended up listing all the virtuals, editing it with a text editor, then merging it back in (load sys config merge). You are going to have the same issue when the cert expires too. I try to have one client-ssl profile per certificate. If you need variants, make them descendants of that one.
  • uni

    Now that I am in front of my computer, here is the syntax you need:

    tmsh modify ltm virtual my-vs profiles delete { old-clientssl } profiles add { new-clientssl }

    Here is a bash one-liner which will replace profiles "old-clientssl" with "new-clientssl" in all virtuals in /Common:

    tmsh list ltm virtual one-line|grep old-clientssl|cut -d' ' -f3| xargs -I_ -n1 tmsh modify ltm virtual _ profiles delete { old-clientssl } profiles add { new-clientssl }

    Run this at your own risk. I suggest you change the last "tmsh" to "echo" to test it first.

  • Uni, thanks so much! I tested this out on my backup and it seems to do exactly what I need. Now I just need to schedule it on the primary! Thanks, Joe
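
A review-first variant of the dry-run step suggested in the thread, added here as an example and not part of any poster's reply: it turns `tmsh list ltm virtual one-line` output into a plan of `tmsh modify` commands, matching the profile name exactly inside each virtual's profiles block so that a similarly named profile or pool is not picked up. The helper names and the sample listing are constructed for illustration, and the one-line layout is assumed to look like the sample.

```shell
#!/bin/sh
# Added example: build a reviewable plan for swapping a client-ssl profile.
# plan_profile_swap and sample_listing are hypothetical names, not F5 tools.

# Reads `tmsh list ltm virtual one-line` output on stdin and prints one
# `tmsh modify` command per virtual whose profiles block holds exactly OLD.
plan_profile_swap() {
    old=$1 new=$2
    awk -v old="$old" -v new="$new" '
    $1 == "ltm" && $2 == "virtual" {
        depth = 0; in_profiles = 0; hit = 0
        for (i = 4; i <= NF; i++) {
            if (!in_profiles) {
                # The profiles block opens with the two tokens: profiles {
                if ($i == "profiles" && $(i + 1) == "{") { in_profiles = 1; depth = 1; i++ }
                continue
            }
            if ($i == "{") depth++
            else if ($i == "}") { if (--depth == 0) break }
            # Only names directly inside the profiles block count as profiles.
            else if (depth == 1 && $i == old) hit = 1
        }
        if (hit)
            printf "tmsh modify ltm virtual %s profiles delete { %s } profiles add { %s }\n", $3, old, new
    }'
}

# Constructed sample of one-line output (not captured from a real device).
# vs-legacy uses a profile whose name merely contains the old name, and
# vs-plain has a pool with the old name; neither should be modified.
sample_listing() {
    cat <<'EOF'
ltm virtual vs-web { destination 10.0.0.10:https ip-protocol tcp pool web-pool profiles { http { } old-clientssl { context clientside } tcp { } } }
ltm virtual vs-legacy { destination 10.0.0.11:https ip-protocol tcp profiles { old-clientssl-legacy { context clientside } tcp { } } }
ltm virtual vs-plain { destination 10.0.0.12:http ip-protocol tcp pool old-clientssl profiles { http { } tcp { } } }
EOF
}

# Print the plan for the sample. On a BIG-IP, pipe the real listing in,
# save the output to a file and review it before running any of it.
sample_listing | plan_profile_swap old-clientssl new-clientssl
```

Keeping the saved plan also gives a record of exactly which virtuals were moved off the compromised certificate's profile.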