cancel
Showing results for 
Search instead for 
Did you mean: 

CSR instead of real certificate in SSL client profile

Livius
Altostratus
Altostratus

Hi guys,

 

I recently have seen at a customer a SSL profile which was referencing a certificate signing request and key + CA rather than the real certificate.

While this seems strange, my question is if is there any impact in the functionality in having a CSR + root CA rather than the real one?

4 REPLIES 4

David_M
Cirrostratus
Cirrostratus

and this is working fine? how will the client see the CN and get the public key and check for cert validity and stuff like that?

Bryan_T_
Nimbostratus
Nimbostratus

It's should be a signed public key certificate, not a CSR in the client profile. I'm surprised the BigIP even let this happen.

Livius
Altostratus
Altostratus

It shows "RSA Certificate, Key & Certificate Signing Request" whereas other certificates show only "RSA Certificate & Key". Does that actually mean that the CSR was generated on the LB itself?

yes that's correct.