Worked on enhancing TLS certificate management in the Azure/cyclecloud-open-ondemand repository by improving OpenSSL Subject Alternative Name (SAN) generation for on-demand clients. Addressed the challenge of differentiating between IP and DNS SAN entries by analyzing the ood_fqdn format, which reduced certificate issuance failures and streamlined client onboarding. The solution was delivered as a focused code change, encapsulated in a single commit, and demonstrated careful attention to security and reliability in certificate validation flows. Utilized Ansible, DevOps practices, and YAML to implement the enhancement, ensuring that TLS onboarding processes became more robust and aligned with best practices for SSL configuration.