How to find out the max size of certificate attributes

The other day I was asked how many subject alternate names will fit into a single certificate. I asked myself what the best way would be to find out. After a short time of thinking I decided to look at the schema defintion of the CA database. The schema will tell for sure how many characters fit into a certain attribute because the database has to store every attribute for a certificate or a request.

So the answer is pretty simple here: There is no limit how many items fit into an attribute but there is a limit regarding the total size.

To determine the max size of a certificate attribut, just run the following command on the CA computer:

certutil -schema

The output shows information about the max. sizes. Once you have this information, just count the number of characters for an attribute in your certificate request an you know if it fits.


Comments (0)