CSRs generated from the web UI could include Entended Key Usage requests.

RobM Thank you for submitting this feedback about the GUI. 

Note that if you use the BIG-IP command line, you can include EKU extensions in your certificate request. However, the certificate authority that signs your request determines the extensions to add and can choose not to copy your requested extensions. 

For more information about using the BIG-IP command line, refer to these recently updated articles:

• K51035715: Replace the Configuration utility's self-signed device certificate with a certificate signed by your organization's CA
• K16951115: Changing the BIG-IP system device certificate using the Configuration utility