Reference: DNS SANS injection and replacement¶
Certificate Manager - SaaS supports adding (injecting) or overwriting (replacing) DNS SANS entries for user-provided certificate signing requests (CSRs).
The following table outlines the features supported by each Certificate Authority (CA) and includes links to their respective documentation, which you may find useful.
| Certificate Authority | Add | Overwrite | Documentation |
|---|---|---|---|
| Entrust | ✅ | ✅ | link |
| DigiCert | ✅ | ✅ | link |
| Microsoft ADCS | ✅ | ❌ | |
| Certificate Manager - Self-Hosted. | ✅ | ❌ | link |
| Zero Touch PKI | ✅ | ✅ | link |
| GlobalSign Atlas | ✅ | ✅ | link |
| GlobalSign MSSL | ✅ | ✅ | link |
| ACME (Let's Encrypt) | ❌ | ❌ | link |
| Venafi Connector CA | ❌ | ❌ | link |
| Built-in: Certificate Manager - SaaS-generated CSR | ✅ | ✅ | link |
| Built-in: User-provided CSR (without private key) | ❌ | ❌ |