Subject Alternative Name (SAN) Certificates

Question

Hi All,&nbsp;
&nbsp;We're about to install a SAN certificate for a series of FQDN's on the F5. &nbsp;
&nbsp;I've followed F5's guide on how to generate the CSR for SAN certificates but not sure what happens when I need to add a new FQDN to the existing SAN certificate further down the track???&nbsp;&nbsp;

https://support.f5.com/kb/en-us/solutions/public/11000/400/sol11438.html&nbsp;
&nbsp;Example:&nbsp;
&nbsp;CSR generated with following FQDN's:
&nbsp;- https://abc.com
&nbsp;- https://123.abc.com
&nbsp;- https://456.abc.com&nbsp;
&nbsp;Several months later the client has a requirement to also add in another FQDN https://789.abc.com.&nbsp;
&nbsp;Do I have to re-generate the CSR again and get a new SAN certificate from the CA vendor to cover all four FQDN's now???&nbsp;
&nbsp;Thanks.&nbsp;
&nbsp;Andy&nbsp;&nbsp;&nbsp;

hooleylist · Answer

Hi Andy, 
&nbsp;  
&nbsp; Yes, if the SAN list needs to change you need to generate a new CSR and get a new certificate.  You could reuse the same private key or generate a new one with the new CSR. 
&nbsp;  
&nbsp; Aaron

hc_andy_35682 · Answer

Thanks Aaron. Good to know this information incase it arises in the future.

Forum Discussion

Subject Alternative Name (SAN) Certificates

Recent Discussions

self-directed requests fail because of no certificate

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

ip x-forwarding

F5 ASM API-Protection Policy

Related Content

Automating ACMEv2 Certificate Management on BIG-IP

X509 Subject Formatting

Re: Management Certificate

F5 RHI Solution an alternative to GSLB load balancing between Datacenters

Automate Let's Encrypt Certificates on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS