Last Modified: Nov 07, 2022
Affected Product:
See more info
BIG-IP TMOS
Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6
Fixed In:
13.0.0
Opened: Jan 19, 2016
Severity: 3-Major
The email entered when creating a CSR is used as the CSR attribute email, and the email in the certificate properties (SAN/subject).
Unable to generate a separate email attribute in the CSR as well as the certificate subject's DN email
Creating a CSR via iControl or tmsh.
None.
You can now generate a separate email attribute in the CSR as well as the certificate subject's DN email
With iControl or TMSH, When CSR with Subject's DN containing an EmailAddress created then a RFC822Name SAN entry with that EmailAddress is added automatically. For iControl or TMSH, If provided SAN is not short enough(current max length is 4095 chars) to automatically add RFC822Name SAN entry, then it will throw an error saying "Certificates with Subject's DN containing an Email Address must also have a RFC822Name SAN entry with that Email Address and failed to automatically include as the length exceeded 4095 characters."
