Forum Discussion
NimbostratusCSR generation doesn't include SAN domains
I attempted to create a SAN CSR through the GUI (11.4.1) based on this:
https://support.f5.com/kb/en-us/solutions/public/13000/400/sol13471.html
and ended up with a CSR with only the domain name in the common name field. The entries from the Subject Alternative Field were not added. I entered the domains as the example shows "DNS: DNS:www.example.com"
What am I missing?
4 Replies
arpydaysHi, this may be related, I think TMSH will be your best bet...
cheers
https://support.f5.com/kb/en-us/solutions/public/17000/000/sol17035.html?sr=48299667
RayThomsen_7557Hmm, that link does seem to be on point for the most part. However, it is indicating the problem applies only to 11.6.0 -- I'm seeing it on 11.4.1. I suspect the effected list should be much broader. Thanks -- even if the answer is somewhat annoying. :D
- RayThomsen_7557
I tried doing this in tmsh without it seeming to work either. This was my commmand (domain names swapped out):
tmsh create /sys crypto key example.domain.com_2015 gen-csr common-name "example.domain.com" country "US" lifetime 730 subject-alternative-name "DNS: DNS:example.domain.com"
This produced a key and CSR but when I ran the CSR through a utility the subject-alternative-name field was empty.
- arpydays
Here's my output on v11.6
[root@f5lab:] tmsh create /sys crypto key test1.domain.com_2015 gen-csr common-name test1.domain.com country US lifetime 730 subject-alternative-name "DNS:www.example.domain.com, DNS:example.domain.com" | openssl req -text -noout | grep -A2 Requested Requested Extensions: X509v3 Subject Alternative Name: DNS:www.example.domain.com, DNS:example.domain.com
