Reference: DNS SANS injection and replacement¶
TLS Protect Cloud supports adding (injecting) or overwriting (replacing) DNS SANS entries for user-provided certificate signing requests (CSRs).
The following table outlines the features supported by each Certificate Authority (CA) and includes links to their respective documentation, which you may find useful.
| Certificate Authority | Add | Overwrite | Documentation |
|---|---|---|---|
| Entrust | ✅ | ✅ | link |
| DigiCert | ✅ | ✅ | link |
| Microsoft ADCS | ✅ | ❌ | |
| Venafi Trust Protection Platform | ✅ | ❌ | link |
| Zero Touch PKI | ✅ | ✅ | link |
| GlobalSign Atlas | ✅ | ✅ | link |
| GlobalSign MSSL | ✅ | ✅ | link |
| ACME (Let's Encrypt) | ❌ | ❌ | link |
| Venafi Connector CA | ❌ | ❌ | link |
| Built-in: TLS Protect Cloud-generated CSR | ✅ | ✅ | link |
| Built-in: User-provided CSR (without private key) | ❌ | ❌ |