hashicorp · kitography · Jan 9, 2025 · Jan 6, 2025 · Jan 7, 2025 · Jan 7, 2025
@@ -2758,6 +2758,29 @@ do so, import a new issuer and a new `issuer_id` will be assigned.
 ~> **Note**: If no cluster-local address is present and templating is used,
    issuance will fail.
 
+- `disable_critical_extension_checks` `(bool: false)` <EnterpriseAlert inline="true"/> - This determines whether this issuer is able
+  to issue certificates where the chain of trust (including the issued
+  certificate) contain critical extensions not processed by vault, breaking the
+  behavior required by [RFC 5280 Section 6.1](https://www.rfc-editor.org/rfc/rfc5280#section-6.1).
+
+- `disable_path_length_checks` `(bool: false)` <EnterpriseAlert inline="true"/> - This determines whether this issuer is able
+  to issue certificates where the chain of trust (including the final issued
+  certificate) is longer than allowed by a certificate authority in that chain,
+  breaking the behavior required by
+ [RFC 5280 Section 4.2.1.9](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.9).
+
+- `disable_name_checks` `(bool: false)` <EnterpriseAlert inline="true"/> - This determines whether this issuer is able
+  to issue certificates where the chain of trust (including the final issued
+  certificate) contains a link in which the subject of the issuing certificate
+  does not match the named issuer of the certificate it signed, breaking the
+  behavior required by [RFC 5280 Section 4.1.2.4](https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.4).
+
+- `disable_name_constraint_checks` `(bool: false)` <EnterpriseAlert inline="true"/> - This determines whether this issuer is able
+  to issue certificates where the chain of trust (including the final issued
+  certificate) violates the name constraints critical extension of one of the
+  issuer certificates in the chain, breaking the behavior required by
+  [RFC 5280 Section 4.2.1.10](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.10).
+
 #### Sample payload
 
 ```json