K14318 – Identifying expired certs and certs about to expire in 30 days.
K15288 – Email reminder for cert expiration.
A few one-liners from bash to identify the cert expiration date:
Identifying the expiration date from the certificate name:
~ # tmsh list sys file ssl-cert domain.crt | grep expiration
expiration-date 1505951999
expiration-string "Sep 20 23:59:59 2017 GMT"
Identifying the Client SSL profile for a certificate:
~ # tmsh list ltm profile client-ssl one-line | grep domain.crt | awk '{print $3,$4}'
client-ssl CLIENTSSL-domain.com
Identifying the Virtual Server from Client SSL profile:
~ # tmsh list ltm virtual one-line | grep CLIENTSSL-domain.com | awk '{print $2,$3}'
virtual VS-10.10.10.10-Public
Identifying the expiration date for cert associated with VS:
~ # echo | openssl s_client -connect 10.10.10.10:443 2> /dev/null | openssl x509 -noout -dates
notBefore=Nov 21 00:00:00 2016 GMT
notAfter=Nov 22 23:59:59 2017 GMT