.gz · Last modified: by admin

Differences

This shows you the differences between two versions of the page.

bigip-f5:scripts:listing-unused-certificates-via-tmsh [2026/02/12 18:12] admin
bigip-f5:scripts:listing-unused-certificates-via-tmsh [2026/02/12 18:13] (current) – removed admin
Line 1: Line 1:
-==TAKE A BACKUP FIRST== 
- 
-**Unused Certificates For Loop** 
- 
-<code:bash| download> 
-for cert in $(tmsh list sys file ssl-cert | grep "sys file ssl-cert" | awk '{print $4}'); do 
-    if ! tmsh list ltm profile client-ssl | grep -q $cert; then 
-        echo "Unused certificate: $cert" 
-    fi 
-done 
- 
-{{output}} 
-Unused certificate: ca-bundle.crt 
-Unused certificate: f5-ca-bundle.crt 
-Unused certificate: f5-irule.crt 
-Unused certificate: f5_api_com.crt 
-Unused certificate: test30.infotechguy.dev_2025_112491.crt 
-Unused certificate: test30.infotechguy.dev_2025_140516.crt 
-Unused certificate: test30.infotechguy.dev_2025_196380.crt 
-Unused certificate: test30.infotechguy.dev_2025_827939.crt 
-Unused certificate: test31.infotechguy.dev_2025_112491.crt 
-Unused certificate: test31.infotechguy.dev_2025_140516.crt 
-Unused certificate: test31.infotechguy.dev_2025_196380.crt 
-Unused certificate: test31.infotechguy.dev_2025_827939.crt 
-Unused certificate: test32.infotechguy.dev_2025_112491.crt 
-Unused certificate: test32.infotechguy.dev_2025_140516.crt 
-Unused certificate: test32.infotechguy.dev_2025_196380.crt 
-Unused certificate: test32.infotechguy.dev_2025_827939.crt 
-</code> 
- 
-**Cool, lets take this further. let’s put each entry (take certificates loop) into an array so we can manipulate it later, in a deletion loop.** 
- 
-<code:bash | download> 
-# Declare an array to store unused certificates 
-unused_certs=() 
- 
-# List of certificates to exclude (exclude these system certs) 
-exclude_list=("ca-bundle.crt" "f5-ca-bundle.crt" "f5-irule.crt" "f5_api_com.crt") 
- 
-# Loop through each certificate found in BIG-IP 
-for cert in $(tmsh list sys file ssl-cert | grep "sys file ssl-cert" | awk '{print $4}'); do 
-    # Skip certificates in the exclude list 
-    if [[ " ${exclude_list[@]} " =~ " $cert " ]]; then 
-        continue 
-    fi 
- 
-    if ! tmsh list ltm profile client-ssl | grep -q $cert; then 
-        unused_certs+=("$cert" # Add unused cert to array 
-    fi 
-done 
- 
-# Dry run: Print the certificates that would be deleted 
-echo "Dry Run: The following unused certificates would be deleted:" 
-for cert in "${unused_certs[@]}"; do 
-    echo "$cert" 
-done 
- 
-{{output}} 
-test30.infotechguy.dev_2025_112491.crt 
-test30.infotechguy.dev_2025_140516.crt 
-test30.infotechguy.dev_2025_196380.crt 
-test30.infotechguy.dev_2025_827939.crt 
-test31.infotechguy.dev_2025_112491.crt 
-test31.infotechguy.dev_2025_140516.crt 
-test31.infotechguy.dev_2025_196380.crt 
-test31.infotechguy.dev_2025_827939.crt 
-test32.infotechguy.dev_2025_112491.crt 
-test32.infotechguy.dev_2025_140516.crt 
-test32.infotechguy.dev_2025_196380.crt 
-test32.infotechguy.dev_2025_827939.crt 
-</code> 
- 
- 
- 
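Review bot: both loops decide a certificate is unused from `tmsh list ltm profile client-ssl | grep -q $cert` alone, so anything referenced only outside a client-ssl profile is reported as unused. The first output shows this by listing ca-bundle.crt and f5-ca-bundle.crt, and the second script works around it with a hard-coded exclude_list instead of widening the check. If this page is being moved or rewritten rather than dropped (the edit summary says only "removed"), the deletion candidates should be checked against every object type that can reference a certificate before the array is fed to a deletion loop. The same grep is unquoted and treats the name as a regex and a substring, so the dots match any character and a name that is a prefix of another certificate's name counts as in use; `grep -qF -- "$cert"` with a match on the whole name would be stricter. In the second block, `unused_certs+=("$cert" # Add unused cert to array` is missing its closing parenthesis, so the script does not parse as published. Running `tmsh list ltm profile client-ssl` once into a variable before the loop would also avoid one tmsh call per certificate.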
  