A TLS client cannot make any assumptions about the size of a certificate. Certificates can include images, text, lists and much more. Assuming that a certificate has a certain size will lead to problems in your software.

Certificate with many, many subject Alt Names

This site presents a certificate with a very long list of subjects. The certificate itself is over 20 kbytes.

This certificate is valid. While most certificates don't have this many subjects, there are certificates with a lot of subjects that a client needs to validate. Check the certificate of https://youtube.com as an example.

Make sure your client goes through the list and validates the site properly.
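As an added illustration (not code from this site or its test suite), the sketch below walks every dNSName entry of a subject alt name list and shows what goes wrong when a client only looks at the first part of a long list. The function names and the SAN list are constructed for the example, and the wildcard rule used (a `*` only as the whole leftmost label) is a conservative assumption.

```python
def match_dns_name(pattern: str, hostname: str) -> bool:
    """Compare one SAN dNSName entry with the requested host name.

    Case-insensitive; '*' is accepted only as the whole leftmost label.
    """
    if "*" in hostname:
        return False
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[1:] != h[1:]:
        return False
    if p[0] == "*":
        # Reject overly broad wildcards such as "*.test".
        return len(p) >= 3
    return "*" not in p[0] and p[0] == h[0]


def hostname_in_sans(hostname: str, san_dns_names) -> bool:
    """Walk the whole list: no entry limit, no fixed-size buffer."""
    return any(match_dns_name(name, hostname) for name in san_dns_names)


def constructed_san_list(count: int = 1500) -> list:
    """Constructed sample data standing in for a very long SAN list."""
    names = [f"host{i}.example.test" for i in range(count)]
    names.append("*.last.example.test")  # the only entry covering our host
    return names


if __name__ == "__main__":
    sans = constructed_san_list()
    host = "www.last.example.test"
    print(len(sans), "entries")
    print("full list:     ", hostname_in_sans(host, sans))
    # A client that truncates the list wrongly rejects a valid certificate.
    print("first 100 only:", hostname_in_sans(host, sans[:100]))
```

In a real client, the parsed list would come from the TLS library, whose own hostname verification should be preferred over a hand-written matcher.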

 

This certificate has a very long list of host names it is valid for.
