Fix non-working certificates

My team provides X509 certificates for many use cases inside of the company network. One such use case is to use them for a sandboxed web service identity. Almost every company engineer uses these web services to test their changes to web sites and APIs in preproduction.

The company has a lot of sites and APIs, so we have thousands of different web service identities. The sandbox certificate had all possible identities encoded as subject alternative names because we didn’t know which identity engineer would use. It led to the size of these certificates going beyond supported for…