For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

gdoyle's avatar
gdoyle
Icon for Cirrostratus rankCirrostratus
Nov 04, 2019

Creating SSL Cert with a SAN the same as the CN.

Hey, all. I'm trying to create an SSL Certificate with the CN being the same as the SAN (for example, I want the CN to be mysite.com and the SAN to also be mysite.com). I know this sounds like it is pointless, but apparently some browsers (specifically Chrome) are ignoring CN's and looking only at SAN's.

The problem is that when I try to create it I receive the following error:

Key management library returned bad status: -32, Invalid Subject Alternative Name.

Any suggestions?

Thanks.

application delivery
BIG-IP
LTM
ssl

6 Replies

    • gersbah's avatar
      gersbah
      Icon for Cirrostratus rankCirrostratus
      Nov 05, 2019

      Separated by comma:

      DNS:abc.def.ghi, DNS:jkl.mno.pqr

       

      Just in case it ever comes up, you can also use "IP:1.2.3.4" for IP addresses, although in most cases I would advise to stick with DNS names.

       

       

      If F5 is taking feedback here, that info would probably be a good addition to the "help" menu for certificate creation.

      • gdoyle's avatar
        gdoyle
        Icon for Cirrostratus rankCirrostratus
        Nov 05, 2019

        Thanks, I'll look at that... I think I tried, but I didn't have the space after the comma. Perhaps that was why it wouldn't take it.

         

        Do you know how to generate a wildcard certificate in the Big IP? I've tried using *.domain.com, but once pushed to the site the site appears to be looking specifically for "*.domain.com" and not using the wildcard.