In the SSL Partner Center client may get the following Warning message:
The Certificate Signing Request field allows a maximum of 4000 characters. You have
exceeded the limit.
Causes:
This warning message is caused by the following reasons.
- When generating the CSR on a Windows IIS or Exchange system using the Renew.. feature that IIS and Exchange provides causes a glitch and creates an abnormally long and corrupted CSR that exceeds 4000 characters.
- The CSR itself was generated with many SAN. This will cause the CSR to be abnormally long reaching the character limit.
Resolutions:
Resolution will vary depending on its cause.
- If the CSR was created using the Renew.. feature on a Windows IIS or Exchange system the client must generate a brand new CSR instead of using the renewal feature that Windows provides. New CSR generation instructions can be found here.
- Do not enter SANs in the CSR. Instead generate a new CSR with no SANs and manually enter the requested SANs when enrolling for the SSL certificate within the portal.
- Another option is to shorten the amount of SANs on the CSR.
- Typically the CSR field will accept a CSR with 25 SAN’s on a 2048 bit keypair. Manually enter the rest within the enrollment portal if more SANs are desired for this one SSL certificate order.