 

Distinguished Name length constraint in X.509 certificate

In the common name field of the DN of an X509 certificate, as defined in ASN.1 notation for OID "2.5.4.3", the limit is up to 64 characters. Is there any turnaround if we want to have a common name of more than 64 characters?

gingerNinja asked Aug 19 '16 09:08


1 Answer

Even if you could cajole your certificate generation code to have a longer CN, it's also the clients that will need to change, most of which you have no control over. Clients could well reject a certificate with a too-long CN and then you'll have no certificate at all.

As mentioned in the comments, you can (and should) put that and other domain names into the Subject Alternate Name extension and leave the CN empty. Not the whole "Subject", but just the CN part of it.

Chris Cogdon answered Sep 19 '22 11:09
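
The approach in the answer above, sketched as an added example that is not part of the original answer: a small Python helper that checks each host name against the DNS limits and writes an OpenSSL request config with no CN and every name in the SAN. The host name, the organization value and the section names `dn`, `san_ext` and `alt_names` are constructed for illustration.

```python
UB_COMMON_NAME = 64   # ub-common-name: upper bound on the CN attribute
MAX_DNS_NAME = 253    # DNS limit on a full host name in text form
MAX_DNS_LABEL = 63    # DNS limit on one dot-separated label

# Constructed sample: valid as a DNS name, but too long for a CN.
LONG_NAME = ".".join(["payments-gateway-internal", "eu-central-region-one",
                      "production-cluster", "example.com"])


def fits_in_cn(name):
    """True if the name would fit in the 64-character CN attribute."""
    return 1 <= len(name) <= UB_COMMON_NAME


def check_dns_name(name):
    """Raise ValueError if the name cannot be carried as a SAN dNSName."""
    if not name.isascii():
        raise ValueError(f"{name!r}: dNSName is ASCII only, use the punycode form")
    if len(name) > MAX_DNS_NAME:
        raise ValueError(f"{name!r}: longer than {MAX_DNS_NAME} characters")
    labels = name.split(".")
    if labels[0] == "*":          # a leading wildcard label is allowed
        labels = labels[1:]
    for label in labels:
        if not 1 <= len(label) <= MAX_DNS_LABEL:
            raise ValueError(f"{name!r}: label {label!r} is empty or too long")


def openssl_req_config(hostnames, organization):
    """Build an `openssl req -config` file: subject without CN, names in SAN."""
    for host in hostnames:
        check_dns_name(host)
    lines = [
        "[req]", "prompt = no", "distinguished_name = dn",
        "req_extensions = san_ext", "",
        "[dn]", f"O = {organization}", "",      # subject keeps O, omits CN
        "[san_ext]", "subjectAltName = @alt_names", "",
        "[alt_names]",
    ]
    lines += [f"DNS.{i} = {host}" for i, host in enumerate(hostnames, 1)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(f"{len(LONG_NAME)} characters, fits in CN: {fits_in_cn(LONG_NAME)}")
    print(openssl_req_config([LONG_NAME], "Example Org"))
```

The generated text can be saved to a file and passed to `openssl req -new -config` together with the private key.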