About Me

My photo
This is a blog for John Weber. One of my joys in life is helping others get ahead in life. Content here will be focused on that from this date forward. John was a Skype for Business MVP (2015-2018) - before that, a Lync Server MVP (2010-2014). I used to write a variety of articles (https://tsoorad.blogspot.com) on technical issues with a smattering of other interests. I have a variety of certifications dating back to Novell CNE and working up through the Microsoft MCP stack to MCITP multiple times. FWIW, I am on my third career - ex-USMC, retired US Army. I have a fancy MBA. The opinions expressed on this blog are mine and mine alone.


Maximum Number of names in a SAN Extension

In what is sure to be a long standing record (of sorts) for me (and maybe only me) – I just submitted a CSR to a public provider with 53 domains in the SAN field.  This raised the question:  “how many entries or names can be in that one field?”  I know there has to be some sort of limit. 

Handy Dandy, we had a TMG guy in the room, so we asked him.  While he did not know off the top of his head, he did have an answer in mere minutes (where I had googled for about 10 and found squat).


So, now we know the field is defined by a database, that a Windows PKI CA is limited to 4k of names, and that somewhere around 150 25 character domain names eat up just under 4k.  By extension, we can assume (and we know what that means) that the Public cert providers are following the same RFC and that they will have a similar limit.

How about that?  An answer to a question you did not know you had!


No comments:

test 02 Feb

this is a test it’s only a test this should be a picture