Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP All
Known Affected Versions:
11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1
Fixed In:
13.0.0
Opened: Jun 13, 2016 Severity: 4-Minor
When the certificate contains multiple common names in its subject, TMSH/GUI might display a different one from that is used by the system. This behavior is also inconsistent with it in the past.
When the server name (SNI) is not configured in a clientSSL profile, the system will use the common name of its certificate as its server name, and use it to match/lookup clientSSL profiles when the SSL client specifies SNI in the clienthello. So when the clientSSL profile is using a certificate with multiple common names in the subject, the system might display a different common name from the one that is used to match/lookup clientSSL profiles whose server name is not configured.
When the certificate contains multiple common names in its subject.
None
When multiple common names are listed in a certificate, the last CN will be displayed and used.