Menu
Is there any limit for subject alternative names in X.509? Also are there any rules for the SAN?
863
SAN certificate availability: DigiCert PKI Platform allows up to 100 SANs with a single certificate.
Subject Alternative Name (SAN) Certificates Depending on the issuing Certificate Authority, SAN certificates can support 100 or more different FQDNs in one certificate.
To add a Subject Alternative NameSelect SSL Certificates and then select Manage for the certificate you want to change. Select Change Subject Alternative Names. For Add a domain, enter the SAN you want to add and then select Add.
The common name can only contain up to one entry: either a wildcard or non-wildcard name. It's not possible to specify a list of names covered by an SSL certificate in the common name field.
1. Also are there any rules for the SAN?
RFC5280 specifies Subject Alternative Names as
SubjectAltName ::= GeneralNames whereby GeneralNames are
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName So, look the up the 'rules' for a GeneralName in the rfc (page 37).
2. Is there any limit for subject alternative names in X.509?
As stated in the same rfc in chapter Appendix B. ASN.1 Notes:
The SIZE (1..MAX) construct constrains the sequence to have at least one entry. MAX indicates that the upper bound is unspecified If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
