Last Modified: Jul 12, 2023
Known Affected Versions:
11.3.0, 11.4.0, 11.4.1
11.5.0, 11.4.1 HF9
Opened: Oct 07, 2013 Severity: 3-Major Related Article:
Related Article: K55614610
Certificate signing requests created by the BIG-IP system via GUI put SubjectAltName as an attribute not a extension.
Some CAs may fail to insert SAN when the CA signs the CSR bigip requested.
Using the GUI, create CSR and add SAN name.
Use tmsh to insert the SAN as an extension as described in SOL13471: Creating SSL SAN certificates and CSRs using the Configuration utility or tmsh at https://support.f5.com/kb/en-us/solutions/public/13000/400/sol13471.html.
Certificate signing requests created by the BIG-IP system via GUI now put SubjectAltName as an extension, which is correct behavior.