First published on TECHNET on Feb 26, 2007
The other day I was asked how many subject alternate names will fit into a single certificate. I asked myself what the best way would be to find out. After a short time of thinking I decided to look at the schema defintion of the CA database. The schema will tell for sure how many characters fit into a certain attribute because the database has to store every attribute for a certificate or a request.
So the answer is pretty simple here: There is no limit how many items fit into an attribute but there is a limit regarding the total size.
To determine the max size of a certificate attribut, just run the following command on the CA computer:
certutil -schema
The output shows information about the max. sizes. Once you have this information, just count the number of characters for an attribute in your certificate request an you know if it fits.
Carsten
Updated Feb 20, 2020
Version 3.0MS2065
Microsoft
Joined January 09, 2020
Core Infrastructure and Security Blog
Follow this blog board to get notified when there's new activity