CirrusProblem applying 2 EC certs to a VS - NET::ERR_CERT_COMMON_NAME_INVALID
We have a virtual server that is currently configured for SSL Offloading using an L1F EC cert by Entrust. Current cert has about 240 SANs. Customer wants to add few more SANs. To manage it efficiently TLS team created a new cert with required SANs and different common name from the the first one. There is no common SAN in both certs. Client SSL Profile bound to old certificate has default SNI checked. Another client SSL profile is bound to the new EC certificate. As we try to browse addresses of second cert we see certificate error NET::ERR_CERT_COMMON_NAME_INVALID. There is only one (old) certificate applied to the virtual server as we see . I have tried building a bundle too using the old and new certificate. No luck either. Any suggestion/pointer will be appreciated.
About common name field, it was suggestion. According to link below in 14.1.4 version it isn't necessary. F5 matches SNI with SAN list.
Unfortunately, I don't have any more ideas how to solve it. Looks like a bug and reason to open a support case.
https://support.f5.com/csp/article/K13452
"For Server Name, enter the name of the HTTPS site.
Note: Beginning in BIG-IP 11.6.0, if you leave Server Name blank, the BIG-IP system reads the Subject Alternative Name (SAN) from the certificate. For versions prior to BIG-IP 11.6.0, if you leave Server Name blank, the BIG-IP system reads the Common Name (CN) from the certificate. Additionally, the Server Name setting supports wildcard strings containing the asterisk (*) character. For example, *.domain.com matches a.domain.com or a.bc.domain.com, but it does not match domain.com)."
