sys crypto check-cert
sys crypto check-cert(1) BIG-IP TMSH Manual sys crypto check-cert(1)
NAME
check-cert - Examines certificates and displays or logs any that have
expired on the BIG-IP(r) system.
MODULE
sys crypto
SYNTAX
Run a check on the expiration date of LTM certificates, in the sys
crypto module by using the syntax below.
RUN
run check-cert [certificate-file-name]
options:
ignore-large-cert-bundles [enabled | disabled]
log [enabled | disabled]
stdout [enabled | disabled]
verbose [enabled | disabled]
DESCRIPTION
You can use the check-cert command to check the expiration date of
certificate(s) and print the results to the screen and/or log them to
/var/log/ltm.
OPTIONS
ignore-large-cert-bundles
Specifies whether or not to ignore large certificate bundles which
contain more than 20 certificates. By default it will not be
ignored, i.e., it will still check every certificate bundle if
this option is not specified.
log Specifies whether results should be logged or not. By default they
will be logged.
stdout
Specifies whether results should be printed to STDOUT or not. By
default they will be printed.
verbose
Specifies whether verbose output should be emitted or not, such as
information about all certificates being checked rather than just
those which return unfavorable results. By default verbose output
is disabled.
EXAMPLES
run check-cert
Checks all certificate file-objects known by MCPD, and displays
information about any certificates which have expired or which are
close to expiration. By default this information is printed to the
screen and logged to /var/log/ltm.
run check-cert default.crt
Runs the check on the specific certificate "default.crt"
run check-cert verbose
Displays expiration information about all certificates, not just those
that have expired or have impending expirations.
run check-cert ignore-large-cert-bundles enabled
Ignore the certificate bundles with large size (the ones containing
more than 20 certificates).
run check-cert log disabled
Prints the results to screen but does not log them.
run check-cert stdout disabled
Logs the results to /var/log/ltm, but does not print them to the
screen.
SEE ALSO
run, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2009-2013, 2016. All rights
reserved.
BIG-IP 2016-03-14 sys crypto check-cert(1)