Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.3.0, 11.4.0, 11.4.1
Fixed In:
11.5.0, 11.4.1 HF9
Opened: Oct 07, 2013 Severity: 3-Major Related Article:
K55614610
Certificate signing requests created by the BIG-IP system via GUI put SubjectAltName as an attribute not a extension.
Some CAs may fail to insert SAN when the CA signs the CSR bigip requested.
Using the GUI, create CSR and add SAN name.
Use tmsh to insert the SAN as an extension as described in SOL13471: Creating SSL SAN certificates and CSRs using the Configuration utility or tmsh at https://support.f5.com/kb/en-us/solutions/public/13000/400/sol13471.html.
Certificate signing requests created by the BIG-IP system via GUI now put SubjectAltName as an extension, which is correct behavior.