Maximum number of SAN (subject alternative names) allowed

Is there any limit for subject alternative names in X.509? Also are there any rules for the SAN?

Solution

1. Also are there any rules for the SAN?

RFC5280 specifies Subject Alternative Names as

SubjectAltName ::= GeneralNames

whereby GeneralNames are

GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

So, look the up the 'rules' for a GeneralName in the rfc (page 37).

2. Is there any limit for subject alternative names in X.509?

As stated in the same rfc in chapter Appendix B. ASN.1 Notes:

The SIZE (1..MAX) construct constrains the sequence to have at least
one entry.  MAX indicates that the upper bound is unspecified

configure Git to accept a particular self-signed server certificate for a particular https remote
Trust Anchor not found for Android SSL Connection
SSL Certificate add failed, Error: 183 Cannot create a file when that file already exists - How to bound certificate to ipport?
Converting a Java Keystore into PEM Format
Specifying Arduino WiFiClientSecure Certificates
PKIX path building failed: unable to find valid certification path to requested target on chaincode commit on Hyperledger Fabric production network
OkHTTP (v3.0.0-RC1) Post Request with Parameters
SSL handshake error (CERTIFICATE_VERIFY_FAILED) in grpc++
Certmanager tries to use HTTPS inside the cluster and fails when it gets self signed certificates
stop Charles from tracking my app's requests without SSL Pinning in iOS
Is a Wild Card SSL Certificate recommended?
How can I solve this problem (unable to submit and sign the csr : Denied by Policy Module 0x80094800)?
Let's Encrypt certificate not trusted on Firefox
how to digitally sign a PDF document with a certificat using Javascript?
Are there any advantages in signing an application?
Find if a certificate is self signed or CA signed
How to convert .crt cetificate file to .pfx
urllib and "SSL: CERTIFICATE_VERIFY_FAILED" Error
Export-PfxCertificate : Cannot export non-exportable private key
Should I share my website's SSL private key with CloudFlare to use its CDN service?
Not able to import .pfx file to azure keyvault
Using multiple SSL certificates in Tomcat 7
Why is my localhost self-signed SSL certificate suddenly invalid in Chrome?
Creating RSA Public Key From String throws exception
How to fix javax.net.ssl.SSLHandshakeException even though i have already added the certificate
Sudden "unable to find valid certification path to requested target"
How to force Visual Studio to re-create the SSL certificate for a .NET Core Web Application running Kestrel?
Azurerm: KeyVault Nested Item should contain 2 or 3 segments, got 10
Indicate several curl options via httr::config(ssl_options = c(LIST OF SEVERAL CURLSSLOPT_) )
SSL certificate rejected trying to access GitHub over HTTPS behind firewall