Last Modified: Nov 22, 2021
Opened: Jan 21, 2019
Version 13.0.0 introduces a modified order of output for the X509::subject as of BIG-IP Version 13.0. Example: In BIG-IP 12.x, the format is CN=USERNAME,OU=CONTRACTOR,OU=PKI,OU=DEPT,O=COMPANY,C=US As of BIG-IP 13.0, the format is now C=US,O=COMPANY,OU=DEPT,OU=PKI,OU=CONTRACTOR,CN=USERNAME
Some iRules may not be OpenSSL compatible.
This change was done to make the output of [X509::subject [SSL::cert 0]] OpenSSL compatible.
We recommend that you adjust the expected output of the X.509 certificate subject, for example in iRules, so that it is OpenSSL compatible.