I'm trying to request a certificate for my.super.long.delegated.domain.com through the AWS console. I have control over long.delegated.domain.com but not over domain.com - it's someone else's and they've delegated long.delegated.domain.com to me. I know from the docs that:

The first domain name you enter cannot exceed 64 octets, including periods. Each subsequent Subject Alternative Name (SAN), however, can be up to 253 octets in length.

I want a certificate for my.super.long.delegated.domain.com, but it is longer than 64 octets (but shorter than 253 octets). The shortest domain I have control over is long.delegated.domain.com which is still longer than 64 octets.

How can I get a certificate covering my.super.long.delegated.domain.com, which doesn't prevent me from making another certificate in another AWS account for my-other.super.long.delegated.domain.com?

MyStackRunnethOver

1 Answer

Looping back around to share the workaround I found, which is the following:

  1. I got the delegating authority to delegate a shorter domain to me - short.delegated.domain.com.

  2. I used a domain like some.prefix.short.delegated.domain.com as the first domain on my certificate. I did not use this domain for anything other than filling in the first domain.

  3. I added my actual needed domain name, now my.super.long.short.delegated.domain.com.

To be explicit: I did not manage to find a workaround if the delegated domain is longer than 64 octets, other than using a different domain for the first entry.

MyStackRunnethOver
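A pre-flight check for the workaround in the answer above, as an added example that is not part of the original post: it applies the 64-octet and 253-octet limits quoted in the question and places a short name in the first slot when every wanted name is too long. The `example.com` names, the `filler` parameter, DNS validation and the 63-octet label limit (a general DNS rule) are assumptions; the returned keys are the `request_certificate` parameter names in boto3's ACM client.

```python
MAX_FIRST = 64   # first domain name on the request, octets including periods
MAX_SAN = 253    # each subsequent SAN, octets including periods
MAX_LABEL = 63   # per-label DNS limit (assumption: general DNS rule, not from the page)


def octets(name: str) -> int:
    """Length in octets; assumes the name is already ASCII (punycode if IDN)."""
    return len(name.encode("ascii"))


def plan_request(names, filler=None):
    """Build request_certificate kwargs covering `names`.

    `filler` is a hypothetical short name you control, used only to occupy
    the first slot when every wanted name is over 64 octets.
    """
    names = [n.rstrip(".").lower() for n in names]
    filler = filler.rstrip(".").lower() if filler else None
    for n in names + ([filler] if filler else []):
        if octets(n) > MAX_SAN:
            raise ValueError(f"{n!r} exceeds {MAX_SAN} octets")
        if any(not 0 < len(label) <= MAX_LABEL for label in n.split(".")):
            raise ValueError(f"{n!r} has an empty or over-long label")
    short = [n for n in names if octets(n) <= MAX_FIRST]
    if short:
        first = short[0]          # a wanted name already fits the first slot
    elif filler and octets(filler) <= MAX_FIRST:
        first = filler            # the answer's workaround
    else:
        raise ValueError("no name of 64 octets or fewer for the first slot")
    request = {"DomainName": first, "ValidationMethod": "DNS"}  # DNS: assumption
    sans = [n for n in names if n != first]
    if sans:
        request["SubjectAlternativeNames"] = sans
    return request


# Constructed sample names (not from the page).
LONG = "my." + ".".join(["super-long-label"] * 4) + ".short.delegated.example.com"
FILLER = "some.prefix.short.delegated.example.com"

if __name__ == "__main__":
    print(octets(LONG), octets(FILLER))
    print(plan_request([LONG], filler=FILLER))
```

Every name in the request, the filler included, has to pass ACM domain validation and appears in the issued certificate.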