Custom data in TLS certificate


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: sridharg.org

I would like to know if it is possible to add custom data to TLS certificate? Let’s say I want to create a new CNAME blog.sridharg.org and have a TLS certificate issued by letsencrypt. Is it possible to include custom data to the certificate that also gets signed by letsencrypt? Or will letsencrypt filter out any custom data?

Thanks,
Sridhar


#2

No. However, you can include up to 100 SANs on the certificate; this is how you’d cover more than one FQDN on the same cert.


#3

Hi @sridhar87

you have a certificate sridharg.org, now you create a blog blog.sridharg.org and you need a certificate with two names?

Then it’s simple: You create a new certificate with these two names (and ignore the older certificate). And you use the new instead of the old.

So there is no need to change a current certificate.


#4

…which is good, since it’s impossible to do so.


#5

Thanks for the response.

My question was not just about enabling TLS for blog.sridharg.org, but about issuing a new certificate to blog.sridharg.org and adding custom data in that certificate. Is it possible?


#6

Again, no. And since the post needs to be at least 20 characters long, again, no.


#7

What does this mean?

The only thing you can add are “Subject Alternative Name” (SAN). Perhaps you may add some certificate extensions which Letsencrypt accepts.


#8

Hi,

Extending @danb35’s response, whatever things you entered in the CSR, it will be filtered out… (Except subject alternative name aka SAN)

The only way to include more data is to purchase an higher level certificate, which will include some extra information (e.g. city, state, business name / person name, addresses…)

Thank you


#9

Thanks everyone for your replies.


#10

(From a different CA, not from Let’s Encrypt. Let’s Encrypt only over issues domain validated certificates for DNS names.)


#11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.