F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Dave1013_121746's avatar
Dave1013_121746
Icon for Nimbostratus rankNimbostratus
Oct 30, 2014

Certificate alternate subject names truncated at 255 characters

I need to be able to verify whether a certificate covers a specific subject. But I run into scenarios where the alternate subjects are long and the iControl API truncates them at 255 characters. The BIGIP UI does the same thing but I assumed it was just being truncated for display purposes but it seems it is the actual underlying functionallity. Is this a known limitation of the iControl java API?

 

I've seen some other references to 255 characters but not specific to the String value results of iControl 'get' routines. Maybe I missed this limitation. If the API can't handle the actual result of a 'get' routine it seems like it should return an error of some kind not truncated results.

 

application delivery
devops
iControl
LTM
management

2 Replies

  • Arnaud_Lemaire's avatar
    Arnaud_Lemaire
    Icon for Employee rankEmployee
    Oct 31, 2014

    The maximum length of a DNS name is 255 octets. This is spelled out in RFC 1035 section 2.3.4

     

    2.3.4. Size limits Various objects and parameters in the DNS have size limits. They are listed below. Some could be easily changed, others are more fundamental.

     

    labels 63 octets or less

     

    names 255 octets or less

     

    TTL positive values of a signed 32 bit number.

     

    UDP messages 512 octets or less

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Nov 03, 2014

    what version are you running? can you try 11.4.0 or later?