I was just keen to understand if there is any ceiling on how many alt-names (SANs) one can have on a cert provisioned by the PKI engine.
Hmm, couldn’t find a limit in either Vault or Golang’s
crypto/x509 module (just did a quick scan of the code). Still, I’d recommend to not go totally overboard with the number of SANs. For example, Let’s Encrypt has a limit of 100 SANs per certificate: