Last Modified: Jun 04, 2025
Affected Product(s):
F5OS Velos
Fixed In:
F5OS-C 1.8.0, F5OS-A 1.8.0
Opened: Jan 26, 2024 Severity: 3-Major
There is no method available for entering the Subject Alternative Name (SAN) field when creating certificates or CSRs.
The option to include the SAN field in certificates and/or certificate requests is not available.
This occurs when creating a CSR through system aaa tls create-csr in ConfD.
To add a SAN, you need to edit the /etc/pki/tls/openssl.cnf file and add it there. However, this may not be effective for certain software that does not accurately read the configuration file.
A new SAN field has been implemented. The field is mandatory and allows users to enter a value; however, if the value “none” is used, the SAN can be omitted. Additionally, to allow entry of the SAN, a default TLS certificate is created in /etc/auth-config/default/f5os.cert that has the SAN populated with the hostname and management-ip values. In the absence of a user-provided self-signed certificate, the http-server will automatically use the default certificate. As this is a new feature, back-porting to older versions has not been implemented and would be difficult and complex.
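The following is an added example, not F5's code or procedure: it shows the standard OpenSSL req stanzas that the workaround above refers to, written to a private config file instead of /etc/pki/tls/openssl.cnf, and a check that the resulting CSR or certificate actually carries the SAN. The function names, hostname and management IP are constructed for illustration, and it assumes the openssl command line is available; it does not show that the ConfD create-csr command honors these settings.

```shell
#!/usr/bin/env bash
set -eu

# Write a req config carrying a SAN extension. These are the stanzas one would
# add to an openssl.cnf; here they live in a private file (assumption).
write_san_cnf() {  # $1=output file  $2=hostname  $3=management IP
  cat > "$1" <<EOF
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req

[ dn ]
CN = $2

[ v3_req ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = $2
IP.1  = $3
EOF
}

# Generate a new RSA key and a CSR from that config.
make_csr() {  # $1=config  $2=key out  $3=CSR out
  openssl req -new -newkey rsa:2048 -nodes -config "$1" -keyout "$2" -out "$3" 2>/dev/null
}

# Print the SAN value of a CSR ("req") or certificate ("x509");
# return non-zero when the extension is absent.
san_of() {  # $1=req|x509  $2=PEM file
  san=$(openssl "$1" -in "$2" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | sed -n '2s/^ *//p')
  [ -n "$san" ] && printf '%s\n' "$san"
}

# Demo with constructed values (documentation hostname and address range).
work=$(mktemp -d)
write_san_cnf "$work/san.cnf" velos-cc1.example.net 192.0.2.10
make_csr "$work/san.cnf" "$work/key.pem" "$work/req.pem"
san_of req "$work/req.pem"
rm -rf "$work"
```

On a fixed release, san_of x509 /etc/auth-config/default/f5os.cert can be used the same way to confirm the default certificate's SAN, assuming shell access and a PEM-encoded file.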