Bug ID 568765: CSR administrative Email attribute and Certificate Subject’s DN Email address

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Fixed In:

Opened: Jan 19, 2016
Severity: 3-Major


The Email address entered in the GUI is also there in generated CSR certificate subject DN email address(without associated SAN rfc822name), thus generated CSR is not RFC5280 conforming. And there is no way to use different email for CSR administrative email address and certificate subject DN email address.


GUI generates non RFC5280 conforming CSR.


CSR generated though GUI by providing Email address is not RFC5280 conforming.


Email address field in GUI can only be used for certificate subjects DN email address and when entered also enter rfc822name in subject alternative field. Example: If "test@test.com" entered in 'Email Address' field, then also include "email:test@test.com" in 'Subject Alternative Name' field.

Fix Information

Should be able enter different email in certificate properties (SAN/subject), administrative email of the CSR and generated CSR is RFC5280 conforming

Behavior Change