Limit on X509v3 Subject Alternative Name DNSname length

certificate x509

Solution 1:

RFC 5280 specifies 1..MAX GeneralNames for SubjectAltName in 4.2.1.6:

SubjectAltName ::= GeneralNames
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

In Appendix B. it states that

The construct "SEQUENCE SIZE (1..MAX) OF" appears in several ASN.1 constructs. A valid ASN.1 sequence will have zero or more entries. The SIZE (1..MAX) construct constrains the sequence to have at least one entry. MAX indicates that the upper bound is unspecified. Implementations are free to choose an upper bound that suits their environment.

which means that the limit will be implementation dependent. This CA will sign certs with 150 alternate names, so presumably something will work with that many.

Related

Why does dig +trace sometimes fail against Windows Server DNS?
How to keep script from swallowing all of stdin?
Hive: Add partitions for existing folder structure
Java regex to match start/end tags causes stack overflow
'A value is trying to be set on a copy of a slice from a DataFrame' error while using 'iloc'
Custom Method in LINQ to SQL query
R ifelse avoiding change in date format [duplicate]
Add border to div increase div width?
ORACLE After update trigger: solving ORA-04091 mutating table error
Accessing protected event of TWinControl
NHibernate - Many to Many Query using Junction/Joiner Table
Calling an R function using inline and Rcpp is still just as slow as original R code