For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mikeygirod_2847's avatar
mikeygirod_2847
Icon for Nimbostratus rankNimbostratus
Oct 19, 2016

when creating a CSR on the LB for a SAN, is there a limitation on the number of names that can be created?

I have created several CSR's for SAN certs but am getting an error when trying to create one that has a high number of URL's - 80 - Is there a limitation to the number of names that can be created fr...
application delivery
LTM
security
Leonardo_Souza's avatar
Leonardo_Souza
Icon for Cirrocumulus rankCirrocumulus
Oct 19, 2016

The solution about SAN that does not indicates any limitation:

 

https://support.f5.com/kb/en-us/solutions/public/13000/400/sol13470.html

 

Also, the RFC does not define a limit:

 

https://tools.ietf.org/html/rfc5280

 

" SubjectAltName ::= GeneralNames

 

GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName"

 

"The construct "SEQUENCE SIZE (1..MAX) OF" appears in several ASN.1 constructs. A valid ASN.1 sequence will have zero or more entries. The SIZE (1..MAX) construct constrains the sequence to have at least one entry. MAX indicates that the upper bound is unspecified. Implementations are free to choose an upper bound that suits their environment."

 

The implementation of the protocol may or may not limit that. However, you will be limited by other protocols limitation, as TLS is limited for example.

 

https://tools.ietf.org/html/rfc5246section-6.2

 

"length The length (in bytes) of the following TLSPlaintext.fragment. The length MUST NOT exceed 2^14."