CSR subject fields carry information which openssl uses to build the Distinguished Name (DN) inside the CSR. The DN/Subject describes the user/identity of the certificate.

CSR subject fields use the following key syntax.

Note

Place the keys within quotation marks if a string contains a space.

/CN=<string>/OU=<string>/O=<string>/C=<xx>/ST=<xx>/L=<string> 

Example:

"/CN= server1.example.dod.mil/OU=Defense/O=U.S. Government/C=US/ST=Texas/L=Austin"
Note

Since the SBC does not enforce the order that these fields are entered into the system, be sure to enter the fields in the order desired.

Note

At least one of the above keys must be specified in the "Csr Sub" field. The first leading character must be a "/" (forward slash).

Table 1: CSR Subject Fields

CSR Subject Field Example Notes 

Common Name (CN) 

[this field populates the Common Name value in the Certificate’s “Subject” field]

server1.example.dod.mil
or
192.168.2.100 

The IPv4 or IPv6 address, or Fully Qualified Domain Name (FQDN), assigned to this device.


Note

Use of a fully-qualified domain name is recommended because IP addresses can change as the network is redesigned or moves from IPv4 to IPv6, necessitating re-issuance of certificates. Also recent guidance from the JITC PKI lab suggests that IP addresses may not be allowed in the future.

Unit (OU) DefenseEnter the unit associated with the entity controlling this equipment.
(this field can be used multiple times for different designations) 
Organization (O) U.S. Government The organization associated with the entity controlling this equipment. 
Country (C) US

The country associated with the entity controlling this equipment.

State (ST) Texas The state associated with the entity controlling this equipment. 
Locality (L) AustinThe locality associated with the entity controlling this equipment. 
Note

The Local Registration Authority may edit these fields after the CSR has been submitted.

  • No labels