Adding SAN to existing SSL certificate.

Question

Hello,&nbsp;
I need to add a new SAN to an existing SSL certificate. e.g. &nbsp;
Existing:&nbsp;
common name: 
SAN: &nbsp;
New:&nbsp;
common name: 
SAN: 
SAN: &nbsp;
Will I need to generate a new public/private key pair containing the new SAN and provide this to the CA or will they just generate a new certificate (containing the additional SAN) which I can import against my existing private key?&nbsp;
Thanks,&nbsp;
Nick. &nbsp;

jinshu · Answer

You might need to add a new certificate including the new domain names with new private keys. You cant just re-use the private keys.&nbsp;
Certificates cannot be modified after they are signed, otherwise they would provide no security.&nbsp;
-Jinshu&nbsp;

kevin_stewart · Answer

You can technically re-use the existing private key to request a new certificate with new attributes.&nbsp;

kevin_stewart · Answer

You can most certainly create a new CSR from an existing private key.&nbsp;
https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs&nbsp;

Forum Discussion

Adding SAN to existing SSL certificate.

3 Replies

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How APM GET IOS UUID & Andriod MAC

Expired client-certificate

F5 Big-IP Trust Internal CA Chain certificates for Web Servers

XC - geo LB to the origin servers

Floating Ip Problem

Related Content

Automating Certificate Management on F5 BIG-IP

Automating ACMEv2 Certificate Management on BIG-IP

Automate Let's Encrypt Certificates on BIG-IP

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Slack Mutual TLS Recipe: Adding X-Client-Certificate-SAN header from client certificate

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS