Bug ID 598917: TMSH and GUI might display a different common name from the one that is used by the system and from the one displayed in the past.

Last Modified: Apr 10, 2019

Affected Product:
BIG-IP All (all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4

Fixed In:
13.0.0

Opened: Jun 13, 2016
Severity: 4-Minor

Symptoms

When the certificate contains multiple common names in its subject, TMSH/GUI might display a different one from the one that is used by the system. This behavior is also inconsistent with what was displayed in the past.

Impact

When the server name (SNI) is not configured in a clientSSL profile, the system uses the common name of the profile's certificate as its server name, and uses that name to match/look up clientSSL profiles when the SSL client specifies SNI in the ClientHello. So when the clientSSL profile is using a certificate with multiple common names in the subject, the system might display a different common name from the one that is used to match/look up clientSSL profiles whose server name is not configured.

Conditions

When the certificate contains multiple common names in its subject.

Workaround

None

Fix Information

When multiple common names are listed in a certificate, the last CN will be displayed and used.
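To find certificates that meet the condition above, the following added example (not F5 code and not part of the original bug record) lists every CN in a subject line and reports the last one for any certificate that carries more than one. It assumes the subject is given in the default one-line form printed by `openssl x509 -noout -subject`, which lists attributes in certificate order, and that "last CN" refers to that order; the file names and subjects are constructed samples.

```python
import re

# Constructed sample input: subject lines in the one-line form printed by
# `openssl x509 -noout -subject` (attributes in certificate order).
SAMPLE_SUBJECTS = {
    "single.crt": "subject=C = US, O = Example Corp, CN = www.example.com",
    "multi.crt": "subject=C = US, O = Example Corp, "
                 "CN = app.example.com, CN = api.example.com",
    "escaped.crt": r"subject=O = Example\, Inc., "
                   r"CN = one.example.com, CN = two.example.com",
}

# Split on "," or "+" (multi-valued RDN) unless the separator is escaped
# with a backslash inside an attribute value.
_SEPARATOR = re.compile(r"(?<!\\)[,+]")


def common_names(subject_line):
    """Return every CN value in the subject, in the order the line lists them."""
    dn = subject_line.strip()
    if dn.lower().startswith("subject="):
        dn = dn[len("subject="):]
    names = []
    for part in _SEPARATOR.split(dn):
        attr, sep, value = part.partition("=")
        if sep and attr.strip().upper() == "CN":
            # Undo backslash escaping of special characters in the value.
            names.append(re.sub(r"\\(.)", r"\1", value.strip()))
    return names


def audit(subjects):
    """Map each certificate with more than one CN to its CN details."""
    findings = {}
    for cert, line in subjects.items():
        cns = common_names(line)
        if len(cns) > 1:
            findings[cert] = {"all_cns": cns, "last_cn": cns[-1]}
    return findings


if __name__ == "__main__":
    for cert, info in audit(SAMPLE_SUBJECTS).items():
        print(f"{cert}: CNs {info['all_cns']}, last CN = {info['last_cn']}")
```

Setting the server name explicitly on each clientSSL profile that uses a flagged certificate removes the dependence on which CN is picked, since the Impact section applies only when the server name is not configured.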

Behavior Change