Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


 

CSR subject fields carry information which openssl uses to build the Distinguished Name (DN) inside the CSR. The DN/Subject describes the user/identity of the certificate.

...

 
Caption
0Table
1CSR Subject Fields



CSR Subject Field Example Notes 

Common Name (CN) 

[this field populates the Common Name value in the Certificate’s “Subject” field]

server1.example.dod.mil
or
192.168.2.100 

The IPv4 or IPv6 address, or Fully Qualified Domain Name (FQDN), assigned to this device.

 


Info
titleNote

Use of a fully-qualified domain name is recommended because IP addresses can change as the network is redesigned or moves from IPv4 to IPv6, necessitating re-issuance of certificates. Also recent guidance from the JITC PKI lab suggests that IP addresses may not be allowed in the future.


Unit (OU) DefenseEnter the unit associated with the entity controlling this equipment.
(this field can be used multiple times for different designations) 
Organization (O) U.S. Government The organization associated with the entity controlling this equipment. 
Country (C) US

The country associated with the entity controlling this equipment.

State (ST) Texas The state associated with the entity controlling this equipment. 
Locality (L) AustinThe locality associated with the entity controlling this equipment. 


Info
titleNote

The Local Registration Authority may edit these fields after the CSR has been submitted.

...