Certificate alternate subject names truncated at 255 characters

Question

I need to be able to verify whether a certificate covers a specific subject.  But I run into scenarios where the alternate subjects are long and the iControl API truncates them at 255 characters.  The BIGIP UI does the same thing but I assumed it was just being truncated for display purposes but it seems it is the actual underlying functionallity.  Is this a known limitation of the iControl java API?&nbsp;
I've seen some other references to 255 characters but not specific to the String value results of iControl 'get' routines.  Maybe I missed this limitation. If the API can't handle the actual result of a 'get' routine it seems like it should return an error of some kind not truncated results.  &nbsp;

arnaud_lemaire · Answer

The maximum length of a DNS name is 255 octets. This is spelled out in RFC 1035 section 2.3.4&nbsp;
2.3.4. Size limits
Various objects and parameters in the DNS have size limits.  They are
listed below.  Some could be easily changed, others are more
fundamental.&nbsp;
labels          63 octets or less&nbsp;
names           255 octets or less&nbsp;
TTL             positive values of a signed 32 bit number.&nbsp;
UDP messages    512 octets or less&nbsp;

nitass · Answer

what version are you running? can you try 11.4.0 or later?&nbsp;

Forum Discussion

Certificate alternate subject names truncated at 255 characters

2 Replies

Recent Discussions

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

Related Content

Re: Management Certificate

Automating ACMEv2 Certificate Management on BIG-IP

F5 RHI Solution an alternative to GSLB load balancing between Datacenters

Automate Let's Encrypt Certificates on BIG-IP

My Security+ Certification Journey