TLS Certificate Discovery for F5 BIG-IP Local Traffic Manager


TLS (Transport Layer Security) is a cryptographic protocol that uses certificates to provide authentication and data encryption between servers, devices, and applications operating over the network. A common use of TLS is to secure connections between a web server and a user's browser.

Discovery performs an SNMP query to obtain the list of Virtual Servers that use SSL profiles. It then collects information about the respective TLS certificates. Using a search, you can find certificates that will expire soon.

Prerequisites

To perform F5 TLS Certificates discovery, make sure that you have the following configurations:

  • Open HTTPS port 443.
  • One of the following REST API credentials:
    • F5 REST API with token-based authentication
    • REST API with basic authentication

Triggers

There's no trigger node for the F5 TLS Certificates discovery. Instead, Discovery performs an SNMP query (F5_ltmVirtualServProfileEntry) to get the mapping of all Virtual Servers to their respective SSL profiles.

Command

Discovery performs an API call for each discovered certificate: https://{device_IP}/mgmt/tm/sys/file/ssl-cert/{certificate_location}. 

Attributes and Regex expressions

| Attribute | Regex expression to get attribute |
|---|---|
| start date | createTime attribute of the API response |
| expiry date | expirationString attribute of the API response |
| sha_256_fingerprint | checksum attribute of the API response |
| issuer | issuer attribute of the API response |
| subject_alternative_name | subjectAlternativeName attribute of the API response |
| organization | regex 'O\s*=\s*(.+?),' |
| organization_unit | regex 'OU\s*=\s*(.+?),' |
| serial | serialNumber attribute of the API response |
| subject | subject attribute of the API response |
| common_name | regex 'CN\s*=\s*(.+?)$' |
| key | None. Set manually |
| name | None. Set manually |
| short_name | None. Set manually |
| type | None. Set manually |
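The following Python sketch is an added example, not BMC's code: it maps a constructed API response to the attributes listed above and applies the three regexes exactly as written. It assumes the regexes run against the subject string and that expirationString looks like `Mar 15 12:00:00 2022 GMT`; neither is stated on this page, and `map_certificate`, `days_to_expiry` and `regex_field` are hypothetical names.

```python
import re
from datetime import datetime, timezone

# Constructed sample: attribute names are from the page, all values are made up.
SAMPLE = {
    "createTime": "2021-02-01T15:06:20Z",
    "expirationString": "Mar 15 12:00:00 2022 GMT",  # assumed date format
    "checksum": "constructed-checksum",
    "issuer": "C=US, O=Example Corp, CN=Example Issuing CA",
    "subjectAlternativeName": "DNS:www.example.test",
    "serialNumber": "01:02:03:04",
    "subject": "C=US, O=Example Corp, OU=Web, CN=www.example.test",
}

# Attribute -> API response key, as listed on the page.
DIRECT = {
    "start date": "createTime",
    "expiry date": "expirationString",
    "sha_256_fingerprint": "checksum",
    "issuer": "issuer",
    "subject_alternative_name": "subjectAlternativeName",
    "serial": "serialNumber",
    "subject": "subject",
}
# Attribute -> regex, copied from the page unchanged.
PATTERNS = {
    "organization": r"O\s*=\s*(.+?),",
    "organization_unit": r"OU\s*=\s*(.+?),",
    "common_name": r"CN\s*=\s*(.+?)$",
}
MANUAL = ("key", "name", "short_name", "type")  # "None. Set manually"

def map_certificate(resp, regex_field="subject"):
    """Build the attribute dict; regex_field is an assumption (see lead-in)."""
    attrs = {attr: resp.get(key) for attr, key in DIRECT.items()}
    text = resp.get(regex_field) or ""
    for attr, pattern in PATTERNS.items():
        match = re.search(pattern, text)
        attrs[attr] = match.group(1) if match else None
    attrs.update(dict.fromkeys(MANUAL))  # left for the caller to set
    return attrs

def days_to_expiry(attrs, now):
    """Whole days from `now` (timezone-aware) until the certificate expires."""
    expires = datetime.strptime(attrs["expiry date"], "%b %d %H:%M:%S %Y GMT")
    return (expires.replace(tzinfo=timezone.utc) - now).days

if __name__ == "__main__":
    cert = map_certificate(SAMPLE)
    print(cert["common_name"], days_to_expiry(cert, datetime.now(timezone.utc)))
```

The regexes depend on component order: with CN last in the string all three extract cleanly, but with CN first `common_name` captures every trailing component, and `organization` comes back empty whenever no comma follows the O value. Check the ordering your devices return before relying on these fields in expiry or ownership searches.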

Examples of the load balancer modeling:

[Two screenshots of the load balancer modeling]
