sol11438: Creating SSL SAN certificates and CSRs using OpenSSL

Question

I have a certificate problem where F5 does not include the SAN extension in the generated CSR. See the following doc for details sol13770: The BIG-IP system fails to include the Subject Alternative Name extension while generating a CSR.&nbsp;
The workaround is to use OpenSSL to generate the CSR, see (sol11438). The problem is that I receive the following error for key mismatch when I try to import the certificate signed by CA. Is there away to tell F5 where to look for the private key under /var/tmp/mySSL/www.example.com.key? &nbsp;
01070313:3: Error reading key PEM file /config/filestore/files_d/Common_d/certificate_key_d/:Common:example.com.key_15190_1 for profile /Common/example.com: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch&nbsp;

mimlo_61970 · Answer

You should just need to import the key first. In the web ui, under certificates, do an import, Import type is key, give it a name and then paste/upload the key. You will then see the key in the certificate list. Click it and choose import under the certificate tab, and again paste/upload the certificate.

wonned_165453 · Answer

Issue resolved, thank you !

Forum Discussion

sol11438: Creating SSL SAN certificates and CSRs using OpenSSL

2 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries HA

Need advise to setup a policy on F5

F5 Rseries R2600 Tenant sizing

Can iRule mask the payload content on event logs of security

Related Content

Building an OpenSSL Certificate Authority - Creating Your Root Certificate

Building an OpenSSL Certificate Authority - Creating ECC Certificates

Building an OpenSSL Certificate Authority - Creating Your Intermediary Certificate

Creating, Importing and Assigning a CA Certificate Bundle

Create Your Own Certificate Authority