CSR subject fields carry information which openssl uses to build the Distinguished Name (DN) inside the CSR. The DN/Subject describes the user/identity of the certificate.
CSR subject fields use the following key syntax.
Info |
---|
|
Place the keys within quotation marks if a string contains a space. |
Code Block |
---|
|
/CN=<string>/OU=<string>/O=<string>/C=<xx>/ST=<xx>/L=<string> |
Example:
Code Block |
---|
|
"/CN= server1.example.dod.mil/OU=Defense/O=U.S. Government/C=US/ST=Texas/L=Austin" |
Info |
---|
|
note |
Since the SBC does not enforce the order that these fields are entered into the system, be sure to enter the fields in the order desired. |
note
Info |
---|
|
At least one of the above keys must be specified in the "Csr Sub" field. The first leading character must be a "/" (forward slash). |
Caption |
---|
0 | Table |
---|
1 | CSR Subject Fields |
---|
|
|
CSR Subject Field | Example | Notes |
---|
Common Name (CN) [this field populates the Common Name value in the Certificate’s “Subject” field] | server1.example.dod.mil or 192.168.2.100 | The IPv4 or IPv6 address, or Fully Qualified Domain Name (FQDN), assigned to this device. |
...
| Use of a fully-qualified domain name is recommended because IP addresses can change as the network is redesigned or moves from IPv4 to IPv6, necessitating re-issuance of certificates. Also recent guidance from the JITC PKI lab suggests that IP addresses may not be allowed in the future. |
|
Unit (OU) | Defense | Enter the unit associated with the entity controlling this equipment. (this field can be used multiple times for different designations) |
Organization (O) | U.S. Government | The organization associated with the entity controlling this equipment. |
Country (C) | US | The country associated with the entity controlling this equipment. |
State (ST) | Texas | The state associated with the entity controlling this equipment. |
Locality (L) | Austin | The locality associated with the entity controlling this equipment. |
Infonote |
---|
|
The Local Registration Authority may edit these fields after the CSR has been submitted. |
...