Bug ID 756130: X.509 certificate subject format

Last Modified: Nov 22, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Opened: Jan 21, 2019
Severity: 4-Minor


Version 13.0.0 introduces a modified order of output for the X509::subject as of BIG-IP Version 13.0. Example: In BIG-IP 12.x, the format is CN=USERNAME,OU=CONTRACTOR,OU=PKI,OU=DEPT,O=COMPANY,C=US As of BIG-IP 13.0, the format is now C=US,O=COMPANY,OU=DEPT,OU=PKI,OU=CONTRACTOR,CN=USERNAME


Some iRules may not be OpenSSL compatible.


This change was done to make the output of [X509::subject [SSL::cert 0]] OpenSSL compatible.


We recommend that you adjust the expected output of the X.509 certificate subject, for example in iRules, so that it is OpenSSL compatible.

Fix Information


Behavior Change