You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Current »

 

CSR subject fields carry information which openssl uses to build the Distinguished Name (DN) inside the CSR. The DN/Subject describes the user/identity of the certificate.

CSR subject fields use the following key syntax.

/CN=<string>/OU=<string>/O=<string>/C=<xx>/ST=<xx>/L=<string> 

Example:

/CN= server1.example.dod.mil/OU=Defense/O=U.S. Government/C=US/ST=Texas/L=Austin

Since the SBC does not enforce the order that these fields are entered into the system, be sure to enter the fields in the order desired.

At least one of the above keys must be specified in the "Csr Sub" field. The first leading character must be a "/" (forward slash).

CSR Subject Fields

 
CSR Subject Field Example Notes 

Common Name (CN) 

[this field populates the Common Name value in the Certificate’s “Subject” field]

server1.example.dod.mil
or
192.168.2.100 

The IPv4 or IPv6 address, or Fully Qualified Domain Name (FQDN), assigned to this device.

 

Use of a fully-qualified domain name is recommended because IP addresses can change as the network is redesigned or moves from IPv4 to IPv6, necessitating re-issuance of certificates. Also recent guidance from the JITC PKI lab suggests that IP addresses may not be allowed in the future.

Unit (OU) DefenseEnter the unit associated with the entity controlling this equipment.
(this field can be used multiple times for different designations) 
Organization (O) U.S. Government The organization associated with the entity controlling this equipment. 
Country (C) US

The country associated with the entity controlling this equipment.

State (ST) Texas The state associated with the entity controlling this equipment. 
Locality (L) AustinThe locality associated with the entity controlling this equipment. 

The Local Registration Authority may edit these fields after the CSR has been submitted.

  • No labels