Last Modified: Oct 19, 2025
Affected Product(s):
F5OS Velos
Fixed In:
F5OS-A 1.1.0
Opened: Sep 13, 2021 Severity: 3-Major
When creating a self-signed certificate, VELOS returns an error. The create self-signed certificate function allows for elliptic curves but does not work for 'SM2'.
Attempting to use SM2 curve name results in an error.
When requesting a certificate using type ec, the curve name SM2 can be selected.
Outside confd you can create the SM2 key using: /usr/bin/openssl ecparam -genkey -name SM2 The key can then be entered using system-aaa-tls-config-key and subsequently used to create a CSR. The self-signed certificate would need to be done using openssl commands and entered manually if to be stored.
The SM2 curve name can now be used like all the other ec curve names.