Bug ID 433008: Some CAs may fail to insert SAN

Last Modified: Nov 22, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1

Fixed In:
11.5.0, 11.4.1 HF9

Opened: Oct 07, 2013
Severity: 3-Major
Related Article:
K55614610

Symptoms

Certificate signing requests created by the BIG-IP system via GUI put SubjectAltName as an attribute not a extension.

Impact

Some CAs may fail to insert SAN when the CA signs the CSR bigip requested.

Conditions

Using the GUI, create CSR and add SAN name.

Workaround

Use tmsh to insert the SAN as an extension as described in SOL13471: Creating SSL SAN certificates and CSRs using the Configuration utility or tmsh at https://support.f5.com/kb/en-us/solutions/public/13000/400/sol13471.html.

Fix Information

Certificate signing requests created by the BIG-IP system via GUI now put SubjectAltName as an extension, which is correct behavior.

Behavior Change