Nimbostratuswe have around 1000 orphan certs and keys to delete. I understood that if I used "delete system crypto", it will left system file as it in bigconf.config file so better to use GUI. but deleting these mass amount of certs/keys using GUI is not quite practical.
Is there any other way I can delete those certs/keys which can clean up the files in conf file too?
Thanks,
Noctilucentyou can generate expired list of SSL certificate & delete manually or through script. will popup error if it is in used.
https://devcentral.f5.com/questions/find-unused-ssl-certificates
delete sys crypto key web.test.com.crt
delete /sys crypto key web.test.com.crt
NimbostratusThanks for your comment. I already have list of certs/keys. I believed that if I use "delete sys crypto key" command, it will delete certs/keys but not delete from conf. file.
is it not true?
Thanks
NimbostratusI just tried on one of our test box and yes that is correct that if you use "delete crypto" command, bigip.conf file still showing you it's there but if you use by GUI, it will get deleted from .conf file too. my problem is, deleting around 1000 certs/keys using GUI is not convenient so trying to find command or any other way which can clean up .conf file too.
Thanks