In what is sure to be a long-standing record (of sorts) for me (and maybe only me) – I just submitted a CSR to a public provider with 53 domains in the SAN field. This raised the question: “how many entries or names can be in that one field?” I know there has to be some sort of limit.
Handy Dandy, we had a TMG guy in the room, so we asked him. While he did not know off the top of his head, he did have an answer in mere minutes (where I had googled for about 10 and found squat).
http://social.technet.microsoft.com/wiki/contents/articles/3306.aspx
So, now we know the field is defined by a database, that a Windows PKI CA is limited to 4k of names, and that somewhere around 150 25-character domain names eat up just under 4k. By extension, we can assume (and we know what that means) that the public cert providers are following the same RFC and that they will have a similar limit.
How about that? An answer to a question you did not know you had!
YMMV
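To check a name list against that figure before submitting a CSR, the sketch below (an added example, not from the linked article or any CA's code) DER-encodes a subjectAltName value made only of dNSName entries and counts the bytes. It assumes "4k" means 4096 bytes and that the limit applies to the encoded extension value; the host names are constructed.

```python
# Added example: size of a DER-encoded subjectAltName value (dNSName entries only).
# Assumption: the "4k" limit is 4096 bytes of encoded extension value.
LIMIT_BYTES = 4096


def der_len(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def encode_san(names) -> bytes:
    """GeneralNames ::= SEQUENCE OF GeneralName, each a dNSName [2] IA5String."""
    entries = b""
    for name in names:
        raw = name.encode("ascii")  # IDNs must already be in punycode form
        entries += b"\x82" + der_len(len(raw)) + raw
    return b"\x30" + der_len(len(entries)) + entries


def san_size(names) -> int:
    return len(encode_san(names))


def max_names_that_fit(name_len: int, limit: int = LIMIT_BYTES) -> int:
    """Largest count of name_len-character names whose encoding fits in limit."""
    count = 0
    while san_size(["a" * name_len] * (count + 1)) <= limit:
        count += 1
    return count


def sample_names(n: int):
    """Constructed 25-character host names, e.g. host000.example-site.test."""
    return [f"host{i:03d}.example-site.test" for i in range(n)]


if __name__ == "__main__":
    for n in (53, 150):
        size = san_size(sample_names(n))
        print(f"{n} names of 25 chars -> {size} bytes "
              f"({'fits' if size <= LIMIT_BYTES else 'too big'})")
    print("max 25-char names under limit:", max_names_that_fit(25))
```

Each dNSName costs its length plus two bytes of tag and length, so under these assumptions 150 25-character names encode to 4054 bytes, which lines up with the "just under 4k" figure above.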