Which Certificate Fields Does BIG-IP Alter When Using C3D?

Question

Hello everyone,When the C3D feature is enabled, the BIG-IP generates a new client certificate to authenticate to the back-end server. I would like to understand which fields in the newly generated client certificate are modified (aside from the Issuer).Specifically, is there any scenario where the BIG-IP alters the certificate’s serial number?I’ve reviewed the documentation but couldn’t find any detailed information about which fields of the original client certificate might be affected by this feature.Thanks in advance for your help!Best regards,Karim

vgf5 · Accepted Answer

Hello KarimBenyelloul​&nbsp;The issuer and validity period are always changed.&nbsp; The serial number in the C3D-forged certificate is, by default, copied from the original client certificate. However, this is not guaranteed in all cases. There are known bugs (such as Bug ID892485 referenced in KB K00185847) where the serial number may not be acquired or copied correctly, which can cause issues with OCSP validation and caching.

Forum Discussion

Which Certificate Fields Does BIG-IP Alter When Using C3D?

2 Replies

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Does F5 Rules for AWS WAF - Common Vulnerabilities & Exposures Mitigate Log4J vulnerabilities

Credentialed Scanning - F5OS - Rseries

WebSocket connection to 'wss://...' failed: Invalid frame header

f5 asm reporting aggregate

rSeries 4600 additional Core Enable

Related Content

Automating Certificate Management on F5 BIG-IP

Automating ACMEv2 Certificate Management on BIG-IP

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Automate Let's Encrypt Certificates on BIG-IP

Updating SSL Certificates on BIG-IP using REST API

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS