Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

CSR instead of real certificate in SSL client profile

Livius
Altostratus
Altostratus

‎01-Sep-2020 06:36

Hi guys,

 

I recently have seen at a customer a SSL profile which was referencing a certificate signing request and key + CA rather than the real certificate.

While this seems strange, my question is if is there any impact in the functionality in having a CSR + root CA rather than the real one?

Labels:
0 Kudos
6 REPLIES 6

David_M
Cirrostratus
Cirrostratus

‎01-Sep-2020 06:48

and this is working fine? how will the client see the CN and get the public key and check for cert validity and stuff like that?

0 Kudos

Bryan_T_
MVP
MVP

‎01-Sep-2020 07:50

It's should be a signed public key certificate, not a CSR in the client profile. I'm surprised the BigIP even let this happen.

0 Kudos

Livius
Altostratus
Altostratus

‎01-Sep-2020 12:41

It shows "RSA Certificate, Key & Certificate Signing Request" whereas other certificates show only "RSA Certificate & Key". Does that actually mean that the CSR was generated on the LB itself?

0 Kudos

Bryan_T_
MVP
MVP
In response to Livius

‎02-Sep-2020 09:40

yes that's correct.

0 Kudos

B_S
Nimbostratus
Nimbostratus
In response to Bryan_T_

‎11-Jul-2023 02:13

Hi Bryan,

I have the same situation, showing me "RSA Certificate, Key & Certificate Signing Request" for a specific certificate. I have no other Content like that on our LB but only "RSA Certificate, Key " . What I've done was just to renew a certificate which was going to expire, sent it to be signed by our PKI and import the new certificate. I don't understand why the CSR is still there and how can I get rid of it. Is this happening because something wrong on my side when I generated the CSR or by my colleague who signed the certificate on PKI?

 

Thank you!

0 Kudos

Livius
Altostratus
Altostratus
In response to B_S

‎09-Oct-2023 13:36

It is likely that your colleague who generated the csr did it from the LB directly then uploaded the signed csr (the certificate - which include the cert+key) with the same name to the system identifies it as a "bundle".

You can simply remove it by clicking on the "bundle", go to the CSR tab and delete from there. 

0 Kudos
Copyright © 2023 Khoros, LLC