CSR subject fields carry information which openssl uses to build the Distinguished Name (DN) inside the CSR. The DN/Subject describes the user/identity of the certificate.
CSR subject fields use the following key syntax.
Note
Place the keys within quotation marks if a string contains a space.
/CN=<string>/OU=<string>/O=<string>/C=<xx>/ST=<xx>/L=<string>
Example:
"/CN= server1.example.dod.mil/OU=Defense/O=U.S. Government/C=US/ST=Texas/L=Austin"
Note
Since the SBC does not enforce the order that these fields are entered into the system, be sure to enter the fields in the order desired.
Note
At least one of the above keys must be specified in the "Csr Sub" field. The first leading character must be a "/" (forward slash).
Table 1: CSR Subject Fields
| CSR Subject Field | Example | Notes |
|---|---|---|
Common Name (CN) [this field populates the Common Name value in the Certificate’s “Subject” field] | server1.example.dod.mil or 192.168.2.100 | The IPv4 or IPv6 address, or Fully Qualified Domain Name (FQDN), assigned to this device. Note
Use of a fully-qualified domain name is recommended because IP addresses can change as the network is redesigned or moves from IPv4 to IPv6, necessitating re-issuance of certificates. Also recent guidance from the JITC PKI lab suggests that IP addresses may not be allowed in the future. |
| Unit (OU) | Defense | Enter the unit associated with the entity controlling this equipment. (this field can be used multiple times for different designations) |
| Organization (O) | U.S. Government | The organization associated with the entity controlling this equipment. |
| Country (C) | US | The country associated with the entity controlling this equipment. |
| State (ST) | Texas | The state associated with the entity controlling this equipment. |
| Locality (L) | Austin | The locality associated with the entity controlling this equipment. |
Note
The Local Registration Authority may edit these fields after the CSR has been submitted.
Overview
Content Tools