Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
13.0.0
Opened: Jan 19, 2016 Severity: 3-Major
The Email address entered in the GUI is also there in generated CSR certificate subject DN email address(without associated SAN rfc822name), thus generated CSR is not RFC5280 conforming. And there is no way to use different email for CSR administrative email address and certificate subject DN email address.
GUI generates non RFC5280 conforming CSR.
CSR generated though GUI by providing Email address is not RFC5280 conforming.
Email address field in GUI can only be used for certificate subjects DN email address and when entered also enter rfc822name in subject alternative field. Example: If "test@test.com" entered in 'Email Address' field, then also include "email:test@test.com" in 'Subject Alternative Name' field.
Should be able enter different email in certificate properties (SAN/subject), administrative email of the CSR and generated CSR is RFC5280 conforming