Bug ID 568768: CSR attribute email and certificate Subject's DN email are not distinguished

Last Modified: May 14, 2019


Affected Product:
BIG-IP TMOS (all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Fixed In:

Opened: Jan 19, 2016
Severity: 3-Major


The email entered when creating a CSR is used both as the CSR attribute email and as the email in the certificate properties (SAN/subject).


Unable to generate a separate email attribute in the CSR as well as the certificate Subject's DN email.


Creating a CSR via iControl or TMSH.



Fix Information


Behavior Change

With iControl or TMSH, when a CSR is created with a Subject's DN containing an EmailAddress, an RFC822Name SAN entry with that EmailAddress is added automatically. For iControl or TMSH, if the provided SAN is not short enough (current max length is 4095 chars) to automatically add the RFC822Name SAN entry, then it will throw an error saying "Certificates with Subject's DN containing an Email Address must also have a RFC822Name SAN entry with that Email Address and failed to automatically include as the length exceeded 4095 characters."
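The rule stated in the behavior change can be checked on any CSR independently of the device. The following is an added example, not F5 code: it uses the third-party Python `cryptography` package, the function names `build_csr` and `missing_san_emails` are hypothetical, and the sample CSRs are constructed in the script.

```python
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def build_csr(dn_email, san_emails):
    """Build a constructed sample CSR with an emailAddress in the Subject DN
    and, optionally, rfc822Name entries in the SAN extension."""
    key = ec.generate_private_key(ec.SECP256R1())
    builder = x509.CertificateSigningRequestBuilder().subject_name(
        x509.Name([
            x509.NameAttribute(NameOID.COMMON_NAME, "test.example"),
            x509.NameAttribute(NameOID.EMAIL_ADDRESS, dn_email),
        ])
    )
    if san_emails:
        san = x509.SubjectAlternativeName(
            [x509.RFC822Name(e) for e in san_emails]
        )
        builder = builder.add_extension(san, critical=False)
    return builder.sign(key, hashes.SHA256())


def missing_san_emails(csr):
    """Return Subject DN email addresses that have no matching rfc822Name
    SAN entry. Comparison is case-insensitive (an assumption of this example)."""
    dn_emails = {
        attr.value.lower()
        for attr in csr.subject.get_attributes_for_oid(NameOID.EMAIL_ADDRESS)
    }
    try:
        san = csr.extensions.get_extension_for_class(
            x509.SubjectAlternativeName
        ).value
        san_emails = {e.lower() for e in san.get_values_for_type(x509.RFC822Name)}
    except x509.ExtensionNotFound:
        # No SAN extension at all: every DN email is unmatched.
        san_emails = set()
    return sorted(dn_emails - san_emails)


if __name__ == "__main__":
    for sans in ([], ["other@example.com"], ["admin@example.com"]):
        csr = build_csr("admin@example.com", sans)
        print(sans, "->", missing_san_emails(csr) or "OK")
```

To audit a real request, load it with `x509.load_pem_x509_csr(pem_bytes)` and pass the result to `missing_san_emails`.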