Bug ID 756130: X.509 certificate subject format

Last Modified: Sep 25, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Opened: Jan 21, 2019
Severity: 4-Minor

Symptoms

Version 13.0.0 introduces a modified order of output for the X509::subject as of BIG-IP Version 13.0. Example: In BIG-IP 12.x, the format is CN=USERNAME,OU=CONTRACTOR,OU=PKI,OU=DEPT,O=COMPANY,C=US As of BIG-IP 13.0, the format is now C=US,O=COMPANY,OU=DEPT,OU=PKI,OU=CONTRACTOR,CN=USERNAME

Impact

Some iRules may not be OpenSSL compatible.

Conditions

This change was done to make the output of [X509::subject [SSL::cert 0]] OpenSSL compatible.

Workaround

We recommend that you adjust the expected output of the X.509 certificate subject, for example in iRules, so that it is OpenSSL compatible.

Fix Information

None

Behavior Change