Subject Alternative Name (SAN) Certificates

Question

Hi All,&nbsp;
&nbsp;We're about to install a SAN certificate for a series of FQDN's on the F5. &nbsp;
&nbsp;I've followed F5's guide on how to generate the CSR for SAN certificates but not sure what happens when I need to add a new FQDN to the existing SAN certificate further down the track???&nbsp;&nbsp;

https://support.f5.com/kb/en-us/solutions/public/11000/400/sol11438.html&nbsp;
&nbsp;Example:&nbsp;
&nbsp;CSR generated with following FQDN's:
&nbsp;- https://abc.com
&nbsp;- https://123.abc.com
&nbsp;- https://456.abc.com&nbsp;
&nbsp;Several months later the client has a requirement to also add in another FQDN https://789.abc.com.&nbsp;
&nbsp;Do I have to re-generate the CSR again and get a new SAN certificate from the CA vendor to cover all four FQDN's now???&nbsp;
&nbsp;Thanks.&nbsp;
&nbsp;Andy&nbsp;&nbsp;&nbsp;

hoolio · Answer

Hi Andy, 
&nbsp;  
&nbsp; Yes, if the SAN list needs to change you need to generate a new CSR and get a new certificate.  You could reuse the same private key or generate a new one with the new CSR. 
&nbsp;  
&nbsp; Aaron

hc_andy_35682 · Answer

Thanks Aaron. Good to know this information incase it arises in the future.

Forum Discussion

Subject Alternative Name (SAN) Certificates

2 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

SSL Bridging and FQDN rewrite Policy

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

Could not communicate with the system. Try to reload page.

F5 BIG IP laboratory license

F5 mssql health monitor failing

Related Content

Automating Certificate Management on F5 BIG-IP

X509 Subject Formatting

Automating ACMEv2 Certificate Management on BIG-IP

Certificate Automation for BIG-IP using CyberArk Certificate Manager, Self-Hosted

Building an OpenSSL Certificate Authority - Creating Your Root Certificate

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS