sys crypto check-cert
sys crypto check-cert(1) BIG-IP TMSH Manual sys crypto check-cert(1)
NAME
check-cert - Examines certificates and displays or logs any that have expired on the BIG-IP(r) system.
MODULE
sys crypto
SYNTAX
Run a check on the expiration date of LTM certificates, in the sys crypto module by using the syntax below.
RUN
run check-cert [certificate-file-name]
options:
ignore-large-cert-bundles [enabled | disabled]
log [enabled | disabled]
stdout [enabled | disabled]
verbose [enabled | disabled]
DESCRIPTION
You can use the check-cert command to check the expiration date of certificate(s) and print the results to the
screen and/or log them to /var/log/ltm.
OPTIONS
ignore-large-cert-bundles
Specifies whether or not to ignore large certificate bundles which contain more than 20 certificates. By
default it will not be ignored, i.e., it will still check every certificate bundle if this option is not
specified.
log Specifies whether results should be logged or not. By default they will be logged.
stdout
Specifies whether results should be printed to STDOUT or not. By default they will be printed.
verbose
Specifies whether verbose output should be emitted or not, such as information about all certificates
being checked rather than just those which return unfavorable results. By default verbose output is
disabled.
EXAMPLES
run check-cert
Checks all certificate file-objects known by MCPD, and displays information about any certificates which have
expired or which are close to expiration. By default this information is printed to the screen and logged to
/var/log/ltm.
run check-cert default.crt
Runs the check on the specific certificate "default.crt"
run check-cert verbose
Displays expiration information about all certificates, not just those that have expired or have impending
expirations.
run check-cert ignore-large-cert-bundles enabled
Ignore the certificate bundles with large size (the ones containing more than 20 certificates).
run check-cert log disabled
Prints the results to screen but does not log them.
run check-cert stdout disabled
Logs the results to /var/log/ltm, but does not print them to the screen.
SEE ALSO
run, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2009-2013, 2016. All rights reserved.
BIG-IP 2016-03-14 sys crypto check-cert(1)