sys crypto check-cert
sys crypto check-cert(1) BIG-IP TMSH Manual sys crypto check-cert(1)
NAME
check-cert - Examines certificates and displays or logs any that have expired on the BIG-IP(r) system.
MODULE
sys crypto
SYNTAX
Run a check on the expiration date of LTM certificates, in the sys crypto module by using the syntax below.
RUN
run check-cert [certificate-file-name]
options:
ignore-large-cert-bundles [enabled | disabled]
log [enabled | disabled]
stdout [enabled | disabled]
verbose [enabled | disabled]
DESCRIPTION
You can use the check-cert command to check the expiration date of certificate(s) and print the results to the screen
and/or log them to /var/log/ltm.
OPTIONS
ignore-large-cert-bundles
Specifies whether or not to ignore large certificate bundles which contain more than 20 certificates. By default it
will not be ignored, i.e., it will still check every certificate bundle if this option is not specified.
log Specifies whether results should be logged or not. By default they will be logged.
stdout
Specifies whether results should be printed to STDOUT or not. By default they will be printed.
verbose
Specifies whether verbose output should be emitted or not, such as information about all certificates being checked
rather than just those which return unfavorable results. By default verbose output is disabled.
EXAMPLES
run check-cert
Checks all certificate file-objects known by MCPD, and displays information about any certificates which have expired or
which are close to expiration. By default this information is printed to the screen and logged to /var/log/ltm.
run check-cert default.crt
Runs the check on the specific certificate "default.crt"
run check-cert verbose
Displays expiration information about all certificates, not just those that have expired or have impending expirations.
run check-cert ignore-large-cert-bundles enabled
Ignore the certificate bundles with large size (the ones containing more than 20 certificates).
run check-cert log disabled
Prints the results to screen but does not log them.
run check-cert stdout disabled
Logs the results to /var/log/ltm, but does not print them to the screen.
SEE ALSO
run, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2009-2013, 2016. All rights reserved.
BIG-IP 2016-03-14 sys crypto check-cert(1)