Forum Discussion
Problem applying 2 EC certs to a VS - NET::ERR_CERT_COMMON_NAME_INVALID
- Apr 06, 2022
About common name field, it was suggestion. According to link below in 14.1.4 version it isn't necessary. F5 matches SNI with SAN list.
Unfortunately, I don't have any more ideas how to solve it. Looks like a bug and reason to open a support case.
https://support.f5.com/csp/article/K13452
"For Server Name, enter the name of the HTTPS site.
Note: Beginning in BIG-IP 11.6.0, if you leave Server Name blank, the BIG-IP system reads the Subject Alternative Name (SAN) from the certificate. For versions prior to BIG-IP 11.6.0, if you leave Server Name blank, the BIG-IP system reads the Common Name (CN) from the certificate. Additionally, the Server Name setting supports wildcard strings containing the asterisk (*) character. For example, *.domain.com matches a.domain.com or a.bc.domain.com, but it does not match domain.com)."
About common name field, it was suggestion. According to link below in 14.1.4 version it isn't necessary. F5 matches SNI with SAN list.
Unfortunately, I don't have any more ideas how to solve it. Looks like a bug and reason to open a support case.
https://support.f5.com/csp/article/K13452
"For Server Name, enter the name of the HTTPS site.
Note: Beginning in BIG-IP 11.6.0, if you leave Server Name blank, the BIG-IP system reads the Subject Alternative Name (SAN) from the certificate. For versions prior to BIG-IP 11.6.0, if you leave Server Name blank, the BIG-IP system reads the Common Name (CN) from the certificate. Additionally, the Server Name setting supports wildcard strings containing the asterisk (*) character. For example, *.domain.com matches a.domain.com or a.bc.domain.com, but it does not match domain.com)."
Yep! we went the route opening a case. My love and hate relation starts when it hits a bug. Shall keep you all posted if there is any resolution. Head scratcher indeed.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com