Hi,
I am looking for pointers to get the serial number and expires time of the certificate (certificate used for setting up IPSec (using PKI)) installed on a CSR1000v (@AWS).
- Task involves getting the information from the CSR1000v as key value pair and pushing it to AWS cloudwatch.
Example:
Serial: 08A8A252944ABC0A2DD498A6CABCDZYX
DaysToExpire: 278 (Difference between current time minus end date for validity)
{08A8A252944ABC0A2DD498A6CABCDZYX:278}
OPTION1:
- I can get this information from the PEM/CER file using openssl commands , but I am running into an issue with access to the certificate since they are stored in bootflash folder in cer format, I will have to change cer to pem and than read the contents of the certificate but I am running into permissions issue on bootflash folder. Is there a way to access the cer files and make a copy to tmp folder and run the openssl commands to get the output ?
OPTIONS 2:
- Execute “Sh cry pki certificates” and parse the output to get the information. Is there a sample regex that can help me parse the output of the certificate ?
Thanks in advance for all your help.
Any other suggestions are also welcome!
GY