Performance Issue for more than 100 SAN on single certificate


#1

Hello,

We are planning to issue 100 SANs with a single certificate. Would there be any performance issue? If yes, what would the implications be? What is the highest number of SANs that would be seamlessly supported with a single certificate?

Thanks in advance.


#2

That depends on your server, but I think probably not (if there’s only one cert existing in your system and vHost numbers are low). Again, this totally depends on your server hardware and optimizations.

Let’s Encrypt allows you to get a maximum of 100 SANs per certificate (that could be a mix of wildcards and single domains).

Thank you


#3

Hi @kantharia

there is another thread:

One certificate with 100 names, Certbot used. The creation needs one hour.


#4

It does seem excessive.


#5

I made Certbot issue a certificate for 100 names. It took 43 seconds. (I used certonly --webroot.)

Whatever’s causing the delay in that thread, it’s not universal.

(I also have a manual auth hook that would take like 2 hours to do the same thing.)


High Server Load and longer time to produce certificates
#6

So I think the best answer is “try it” (!).

(Also remember that if any of the names stop pointing to your services in the future, automated renewal of the certificate will fail.)


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.