Help
Suggestions
Thoughts, Ideas, and Votes oh my.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

CSRs generated from the web UI could include Entended Key Usage requests.

RobM
Cirrus
Cirrus
‎16-Mar-2022 19:18
Status: Accepted

I generated CSRs using the web gui to send to our CA, to replace new device certs.  The new certs came back without the client-auth Extended Key Usage attribute set.  The documentation is quite clear that it must be, so it's my fault for not communicating that to the CA.  But if the CSR had included that EKU in the Requested Extensions, then I wouldn't have had to remember (at least, if my CA honored the request...)

5 Comments
Status changed to: Investigating
LiefZimmerman
Community Manager
Community Manager
‎17-Mar-2022 06:35
‎17-Mar-2022 06:35

@RobM - thanks for the suggestion. I will do some digging and see where this lands.

Cheers,
Lief

buulam
Community Manager
Community Manager
‎17-Mar-2022 13:56
‎17-Mar-2022 13:56

Hey @RobM , after some digging, we determined this has not been filed as a Request for Enhancement yet. This is a great use case, though and we could take this further by having a Request for Enhancement to track this. This process would involve opening a case with F5 Support and asking for an "RFE" and providing a description of the enhancement and the use case it addresses.

Before that, if you haven't already, I would suggest speaking with the F5 Solutions Engineer for your account. They'll be familiar with the RFE process and can help with properly filing it.

If you're unfamiliar with who your F5 Solutions Engineer is for your account, please PM me and I can help you track them down.

Thanks,

Buu

Status changed to: Accepted
LiefZimmerman
Community Manager
Community Manager
‎17-Mar-2022 15:36
‎17-Mar-2022 15:36

@RobM - What @buulam said is the best next steps for the meat of your request.

But there is a meta-aspect to this request that I will handle on DevCentral.
1) I'll put in some language on the Suggestions page and editor indicating how to make a Request For Enhancement of a product.

2) I'll put similar language in our HELP section.

I'm going to mark your suggestion as ACCEPTED for the purposes of the clarifications I'll make to DevCentral - the RFE process Buu outlined will decide on that request separately.

Thanks for helping us make the product (and the community site) better.
Lief

☘️

Anjuli_Lam
F5 Employee
F5 Employee
‎29-Mar-2022 09:04
‎29-Mar-2022 09:04

@RobM Thank you for submitting this feedback about the GUI. 

Note that if you use the BIG-IP command line, you can include EKU extensions in your certificate request. However, the certificate authority that signs your request determines the extensions to add and can choose not to copy your requested extensions. 

For more information about using the BIG-IP command line, refer to these recently updated articles:

RobM
Cirrus
Cirrus
‎29-Mar-2022 12:59
‎29-Mar-2022 12:59

Thanks Anjuli.  I've added that link to the doco for our ops team.

Copyright © 2023 Khoros, LLC