How to add additional SANs when using a user provided CSR

Applies To:

Trust Protection Platform 15.x


The Venafi product does not generally allow a user to add SANs in addition to those that are already in the CSR due to the fact that not all certificate authorities support it.  However, the method below will allow you add additional SANs.

  1. Login to Webadmin.
  2. Create a new Certificate object.
  3. Upload the CSR using the "User Provided CSR" option.

  4. After uploading the CSR, change the CSR Generation to "Service Generated CSR".  This will allow you to add SANs to the list.

  5. Scroll down and click the Add/Remove button to add the desired SANs.

  6. Now switch the CSR Generation back to "User Provided CSR"
  7. Renew the certificate. 

The new certificate will now include everything from the CSR and the additional SANs.


Was this article helpful?
3 out of 3 found this helpful


  • Avatar
    Hollen Streit

    Running 21.1 and we hit a scenario similar to this;

    We have a team of junior admins whom we do not wish to add to the "Master Admin" role, which is still the only way for someone to gain the login ability for WebAdmin.

    Occasionally they receive a request from an internal customer for a Certificate, and a CSR is provided to our junior admins.  The CSR has one or two SANs, but they request is for more than that.

    In Aperture, there is no "override the SANs" option within the "Create a Certificate" wizard.

    Rather unfortunate.