sys crypto check-certΒΆ

sys crypto check-cert(1)			  BIG-IP TMSH Manual			     sys crypto check-cert(1)

NAME
       check-cert - Examines certificates and displays or logs any that have expired on the BIG-IP(r) system.

MODULE
       sys crypto

SYNTAX
       Run a check on the expiration date of LTM certificates, in the sys crypto module by using the syntax below.

   RUN
	 run check-cert [certificate-file-name]
	   options:
	     ignore-large-cert-bundles [enabled | disabled]
	     log [enabled | disabled]
	     stdout [enabled | disabled]
	     verbose [enabled | disabled]

DESCRIPTION
       You can use the check-cert command to check the expiration date of certificate(s) and print the results to the
       screen and/or log them to /var/log/ltm.

OPTIONS
       ignore-large-cert-bundles
	    Specifies whether or not to ignore large certificate bundles which contain more than 20 certificates. By
	    default it will not be ignored, i.e., it will still check every certificate bundle if this option is not
	    specified.

       log  Specifies whether results should be logged or not. By default they will be logged.

       stdout
	    Specifies whether results should be printed to STDOUT or not. By default they will be printed.

       verbose
	    Specifies whether verbose output should be emitted or not, such as information about all certificates
	    being checked rather than just those which return unfavorable results. By default verbose output is
	    disabled.

EXAMPLES
       run check-cert

       Checks all certificate file-objects known by MCPD, and displays information about any certificates which have
       expired or which are close to expiration. By default this information is printed to the screen and logged to
       /var/log/ltm.

       run check-cert default.crt

       Runs the check on the specific certificate "default.crt"

       run check-cert verbose

       Displays expiration information about all certificates, not just those that have expired or have impending
       expirations.

       run check-cert ignore-large-cert-bundles enabled

       Ignore the certificate bundles with large size (the ones containing more than 20 certificates).

       run check-cert log disabled

       Prints the results to screen but does not log them.

       run check-cert stdout disabled

       Logs the results to /var/log/ltm, but does not print them to the screen.

SEE ALSO
       run, tmsh

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or by any means, electronic or
       mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
       other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2009-2013, 2016. All rights reserved.

BIG-IP						      2016-03-14			     sys crypto check-cert(1)