Does Okta Support SAN Certificates when Using an Okta CA for SCEP Challenges
Sep 1, 2025
Okta Classic Engine
Okta Identity Engine
Administration
Overview
When an Okta Certificate Authority (CA) issues a certificate via Simple Certificate Enrollment Protocol (SCEP), the Common Name/Subject is populated, but the Subject Alternative Name (SAN) extension cannot be set. This article details whether it is possible to get the "Subject Alternative Name Value" to populate the SAN extension in the certificate.
Applies To
- Device Trust
- Certificates
- Simple Certificate Enrollment Protocol (SCEP)
Cause
Solution
If certificates with a populated SAN extension are desired, use your own certificate authority (CA). To accomplish this, see Option 2: Provide your own CA section from the Configure a Certificate Authority documentation.
