Forum Discussion

gdoyle's avatar
Icon for Cirrostratus rankCirrostratus
Sep 20, 2016

Looking to pull report for all SSL Certificates with expiration dates.



I'm trying to see if there is a fast way to pull a report of all SSL certificates and their expiration dates on my Big IP device.


I used the tmsh command cd /; run /sys crypto check-cert, but that only pulls expired certificates.


Is there a better way than manually going through the GUI?




8 Replies

  • Try this

    tmsh list sys crypto recursive cert | grep '^sys\|expiration' >> <filename>


    • Subrun's avatar
      Icon for Cirrostratus rankCirrostratus

      Along with this list can we filter which SSL Profile / VIP it is using ?


      tmsh list sys crypto recursive cert | grep '^sys\|expiration' >> <filename>

  • Python example:

    !/usr/bin/env python3
    import pytz
    from dateutil.parser import parse
    from f5.bigip import ManagementRoot
    mgmt = ManagementRoot('hostname', 'username', 'password')
    tz = pytz.timezone('America/Chicago')
    for cert in
        expiration = parse(cert.expirationString)
        print("Certificate '{}' expires {}".format(
  • In tmsh, if you cd / and add recursive it will look through all partitions,

    cd /; list sys crypto recursive cert | grep '^sys\|expiration'


  • gdoyle's avatar
    Icon for Cirrostratus rankCirrostratus

    Wondering if anyone else has any suggestions on this? From what I've been able to find I can only pull the certificates on the Common partition.


  • (tmos.ltm) list profile client-ssl cert-key-chain

    (tmos) list sys crypto cert

    One or both may serve your requirement. Note: 1st command is executed from ltm module.