Forum Discussion
character limit f5 subject alternative name
Guys
I am having issue creating .csr in f5. Do we have limit on character for Subject Alternative names? we have 1111 characters including spaces on Subject alternative name however it has an error " error occurred while processing your request". But when I delete few domains about 2 it was successful :( Please help
Thanks
- Leonardo_SouzaCirrocumulus
There was a question/answer some time ago about that, I tried to find without success. If I remember correctly, the limit was based in the implementation, and not the protocol.
These are the 2 solutions about this:
https://support.f5.com/csp/article/K13470
https://support.f5.com/csp/article/K13471
None of them talks about a limit.
- JGCumulonimbus
Was it done via the Configuration Utility or on command line? Did you use the correct format "DNS:example1.com,DNS:example2.com,.... ?
- cathy_123Cirrostratus
Hello Jie!
I have created it in GUI and yes I was using the correct format since I was able to included the remaining 2 DNS when I have remove above 2 DNS. :) Would it be different if I created it in cli I am not very familiar in CLI :(
Thanks!
- JGCumulonimbus
It would be good if it should give a different error message, should it fail again, which could tell us a bit more about this issue. You can follow article K13471, and run the tmsh command from within a shell script, for that would be easier for you to specify all those domains in a file.
- JGCumulonimbus
I have created the following test script and could create some 1000 entries without a problem:
!/bin/sh cd /tmp cp /etc/pki/tls/openssl.cnf /tmp/ > /tmp/alt_names for i in {1..1000}; do echo "DNS.$i=mydomain$i.com" >> /tmp/alt_names; done echo '[SAN]' >> /tmp/openssl.cnf echo 'subjectAltName=@alt_names' >> /tmp/openssl.cnf echo '[alt_names]' >> /tmp/openssl.cnf cat /tmp/alt_names >> /tmp/openssl.cnf openssl req -new -sha256 -key domain.key -subj "/C=US/ST=New York/L=New York/O=Example, Inc./CN=example.com/emailAddress=test@example.com" -reqexts SAN -config /tmp/openssl.cnf -out domain.csr openssl req -text -noout -verify -in domain.csr
There are limits in all systems, but they shouldn't be a problem here.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com