Forum Discussion
JG
Jan 17, 2017Cumulonimbus
I have created the following test script and could create some 1000 entries without a problem:
!/bin/sh
cd /tmp
cp /etc/pki/tls/openssl.cnf /tmp/
> /tmp/alt_names
for i in {1..1000}; do echo "DNS.$i=mydomain$i.com" >> /tmp/alt_names; done
echo '[SAN]' >> /tmp/openssl.cnf
echo 'subjectAltName=@alt_names' >> /tmp/openssl.cnf
echo '[alt_names]' >> /tmp/openssl.cnf
cat /tmp/alt_names >> /tmp/openssl.cnf
openssl req -new -sha256 -key domain.key -subj "/C=US/ST=New York/L=New York/O=Example, Inc./CN=example.com/emailAddress=test@example.com" -reqexts SAN -config /tmp/openssl.cnf -out domain.csr
openssl req -text -noout -verify -in domain.csr
There are limits in all systems, but they shouldn't be a problem here.