CSR instead of real certificate in SSL client profile

Livius · ‎01-Sep-2020

Hi guys,

I recently have seen at a customer a SSL profile which was referencing a certificate signing request and key + CA rather than the real certificate.

While this seems strange, my question is if is there any impact in the functionality in having a CSR + root CA rather than the real one?

David_M · ‎01-Sep-2020

and this is working fine? how will the client see the CN and get the public key and check for cert validity and stuff like that?

Bryan_T_ · ‎01-Sep-2020

It's should be a signed public key certificate, not a CSR in the client profile. I'm surprised the BigIP even let this happen.

Livius · ‎01-Sep-2020

It shows "RSA Certificate, Key & Certificate Signing Request" whereas other certificates show only "RSA Certificate & Key". Does that actually mean that the CSR was generated on the LB itself?

Bryan_T_ · ‎02-Sep-2020

yes that's correct.

B_S · ‎11-Jul-2023

Hi Bryan,

I have the same situation, showing me "RSA Certificate, Key & Certificate Signing Request" for a specific certificate. I have no other Content like that on our LB but only "RSA Certificate, Key " . What I've done was just to renew a certificate which was going to expire, sent it to be signed by our PKI and import the new certificate. I don't understand why the CSR is still there and how can I get rid of it. Is this happening because something wrong on my side when I generated the CSR or by my colleague who signed the certificate on PKI?

Thank you!

DevCentral

CSR instead of real certificate in SSL client profile

Sep 26th, 2023
MFA required on DevCentral

DevCentral

CSR instead of real certificate in SSL client profile

Sep 26th, 2023MFA required on DevCentral

Sep 26th, 2023
MFA required on DevCentral