sol11438: Creating SSL SAN certificates and CSRs using OpenSSL

Question

I have a certificate problem where F5 does not include the SAN extension in the generated CSR. See the following doc for details sol13770: The BIG-IP system fails to include the Subject Alternative Name extension while generating a CSR.&nbsp;
The workaround is to use OpenSSL to generate the CSR, see (sol11438). The problem is that I receive the following error for key mismatch when I try to import the certificate signed by CA. Is there away to tell F5 where to look for the private key under /var/tmp/mySSL/www.example.com.key? &nbsp;
01070313:3: Error reading key PEM file /config/filestore/files_d/Common_d/certificate_key_d/:Common:example.com.key_15190_1 for profile /Common/example.com: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch&nbsp;

mimlo_61970 · Answer

You should just need to import the key first. In the web ui, under certificates, do an import, Import type is key, give it a name and then paste/upload the key. You will then see the key in the certificate list. Click it and choose import under the certificate tab, and again paste/upload the certificate.

wonned_165453 · Answer

Issue resolved, thank you !

Forum Discussion

sol11438: Creating SSL SAN certificates and CSRs using OpenSSL

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

2026 301a exam

F5OS login with admin/root failed via console

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

UCS Encryption Question

Unblock Request WAF

Related Content

Building an OpenSSL Certificate Authority - Creating Your Root Certificate

Building an OpenSSL Certificate Authority - Creating ECC Certificates

Building an OpenSSL Certificate Authority - Creating Your Intermediary Certificate

Automating Certificate Management on F5 BIG-IP

Creating, Importing and Assigning a CA Certificate Bundle

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS