Last Modified: Jun 04, 2025
Affected Product(s):
F5OS Velos
Fixed In:
F5OS-A 1.8.0
Opened: Jan 26, 2024
Severity: 3-Major
When creating a Certificate Request (CSR), a key must be provided. Since a key was provided by the 'store-tls' option for the TLS key, it was assumed that the CSR was intended to be used with that specific key.
The certificate request (CSR) functionality is not as flexible as it could be; the self-signed certificate function, by comparison, allows a key to be created. Creating a certificate request that needs a new key is complex. Additionally, if no key is stored, no CSR can be produced.
Generating a CSR via system aaa tls create-csr in confd.
Create a new key, store it in TLS, and run the create-certificate-request.
The create-certificate request now allows a key to be created and, if none exists, creates one. If no key is requested and one exists, the process continues as usual and generates a CSR using the pre-existing key. If a key is requested (or none exists), a new one is created and both the key and the CSR are shown. Note that a CSR is of no use without its key.
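
The key-selection behaviour described in the fix, reproduced with the OpenSSL command line as an added example (not F5OS code; the function names, file paths and subject name are assumptions). It also checks that the CSR carries the public key of the key on disk, which is what makes the CSR usable.

```shell
#!/bin/sh
# Added illustration using OpenSSL; not F5OS code. File paths and the
# subject name are constructed placeholders.

# csr_matches_key KEY CSR: succeed only if the CSR carries KEY's public key.
csr_matches_key() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    csr_pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$csr_pub" ]
}

# make_csr KEY CSR [new]: reuse KEY when it exists and no new key is
# requested; otherwise generate a fresh key first, then build the CSR.
make_csr() {
    key=$1
    csr=$2
    want_new=${3:-}
    if [ "$want_new" = "new" ] || [ ! -s "$key" ]; then
        # umask keeps a newly created private key unreadable to other users.
        ( umask 077
          openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
              -out "$key" 2>/dev/null ) || return 1
        echo "generated new key: $key"
    else
        echo "reusing stored key: $key"
    fi
    openssl req -new -key "$key" -subj "/CN=example.invalid" -out "$csr" \
        2>/dev/null || return 1
    # Refuse to hand out a CSR that does not pair with the key on disk.
    csr_matches_key "$key" "$csr"
}
```

A CSR produced before a key is regenerated fails `csr_matches_key` against the new key, so a certificate issued from it could not be served with that key.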