Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Muhammad_Irfan1's avatar
Muhammad_Irfan1
Icon for Cirrus rankCirrus
Nov 29, 2014
Solved

Server and client certificate CN should match or not in client authentication

During client authentication set to require.   F5 certificate CN and Client certificate CN should match?   I uploaded CA bundle through GUI but that is not shown in   /config/file...
  • nitass_89166's avatar
    nitass_89166
    Nov 29, 2014

    F5 certificate CN and Client certificate CN should match?

     

    no, cn should not be the same because they authenticate different things (one authenticates server but the other one authenticates client).

     

    I uploaded CA bundle through GUI but that is not shown in /config/filestore/files_d/Common_d/certificate_d

     

    i understand it is correct. trust_certificate_d is for device trust.

     

nitass's avatar
nitass
Icon for Employee rankEmployee
Nov 30, 2014

i do not know what the full name of CHecking.crt in filestore is and what and where the client certificate file is. anyway, this is an example.

 openssl verify -verbose -CAfile /config/filestore/files_d/Common_d/certificate_d/\:Common\:chain.crt_39032_1 /var/tmp/client2.crt
Muhammad_Irfan1's avatar
Muhammad_Irfan1
Icon for Cirrus rankCirrus
Nov 30, 2014
Could this be the problem for testing which certificate I am using for client authentication it is written with it that Certificate intended purpose server authentication. could this be the problem that I can not use it for client authentication