LetsEncrypt module to use highest priority domain as CN
Currently, when a certificate is issued, the LetsEncrypt module sets the CN of the certificate seemingly randomly from the domain list and all domains as SAN entries.
It would be great if the CN could ALWAYS be the domain configured as priority 1 in the virtual server's ordered domain list.
-
Adrian Noblett
- Feb 28 2024
Related ideas
The randomness is frustrating as we have multiple customer domains configured on the load balancer and having a customer domain appear as the CN instead of our own domain isn't great.
Since certificate lifetimes are going to reduce to 47 days in future, F5 should be very forward leaning on certificate control like this.
I had some customers asking for this too, I think it's important to allow customer to have control of what is used in the Common name and what in SAN.