My DokuWiki

User Tools

Site Tools

Trace:
.gz · Last modified: by admin

This is an old revision of the document!

TAKE A BACKUP FIRST

Unused Certificates For Loop

download
for cert in $(tmsh list sys file ssl-cert | grep "sys file ssl-cert" | awk '{print $4}'); do
    if ! tmsh list ltm profile client-ssl | grep -q $cert; then
        echo "Unused certificate: $cert"
    fi
done
 
{{output}}
Unused certificate: ca-bundle.crt
Unused certificate: f5-ca-bundle.crt
Unused certificate: f5-irule.crt
Unused certificate: f5_api_com.crt
Unused certificate: test30.infotechguy.dev_2025_112491.crt
Unused certificate: test30.infotechguy.dev_2025_140516.crt
Unused certificate: test30.infotechguy.dev_2025_196380.crt
Unused certificate: test30.infotechguy.dev_2025_827939.crt
Unused certificate: test31.infotechguy.dev_2025_112491.crt
Unused certificate: test31.infotechguy.dev_2025_140516.crt
Unused certificate: test31.infotechguy.dev_2025_196380.crt
Unused certificate: test31.infotechguy.dev_2025_827939.crt
Unused certificate: test32.infotechguy.dev_2025_112491.crt
Unused certificate: test32.infotechguy.dev_2025_140516.crt
Unused certificate: test32.infotechguy.dev_2025_196380.crt
Unused certificate: test32.infotechguy.dev_2025_827939.crt

Cool, lets take this further. let’s put each entry (take certificates loop) into an array so we can manipulate it later, in a deletion loop. 

# Declare an array to store unused certificates
unused_certs=()

# List of certificates to exclude (exclude these system certs)
exclude_list=("ca-bundle.crt" "f5-ca-bundle.crt" "f5-irule.crt" "f5_api_com.crt")

# Loop through each certificate found in BIG-IP
for cert in $(tmsh list sys file ssl-cert | grep "sys file ssl-cert" | awk '{print $4}'); do
    # Skip certificates in the exclude list
    if [[ " ${exclude_list[@]} " =~ " $cert " ]]; then
        continue
    fi

    if ! tmsh list ltm profile client-ssl | grep -q $cert; then
        unused_certs+=("$cert")  # Add unused cert to array
    fi
done

# Dry run: Print the certificates that would be deleted
echo "Dry Run: The following unused certificates would be deleted:"
for cert in "${unused_certs[@]}"; do
    echo "$cert"
done

{{output}}
test30.infotechguy.dev_2025_112491.crt
test30.infotechguy.dev_2025_140516.crt
test30.infotechguy.dev_2025_196380.crt
test30.infotechguy.dev_2025_827939.crt
test31.infotechguy.dev_2025_112491.crt
test31.infotechguy.dev_2025_140516.crt
test31.infotechguy.dev_2025_196380.crt
test31.infotechguy.dev_2025_827939.crt
test32.infotechguy.dev_2025_112491.crt
test32.infotechguy.dev_2025_140516.crt
test32.infotechguy.dev_2025_196380.crt
test32.infotechguy.dev_2025_827939.crt
.gz · Last modified: by admin

Page Tools


Home     Sitemap    

Copyright (c) 2026 My DokuWiki All Rights Reserved.