-
Hi, I have existing CSRs for different client certs that contain an additional emailAddress-Field. I'm using a client cert template with the following data (that skips the usual TLS Server Certificate settings). The subject part is the default from the basic leaf-template.
What is necessary to add the emailaddress? What would I have to change in the template to pass the fields when issuing the certificate? Thank You in advance! Peter |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
The The most common way to set the country, locality, and the rest of the subject fields is to define a template inside the {
"...": "...",
"authority": {
"template": {
"country": "US",
"organization": "Smallstep",
"organizationalUnit": "Smallstep Eng",
"locality": "San Francisco",
"province": "California",
"streetAddress": "1 The Street St"
},
"...": "..."
},
"...": "..."
} These properties will be common in all the certificates unless the template sets a different value. To set a different value, an option is to pass custom values when you sign the certificate using the {
"country": "US",
"organization": "Foo",
"...": "..."
} and you can have a template like yours replacing all the subject subject fields but common name to:
|
Beta Was this translation helpful? Give feedback.
The
emailAddress
in the subject is not currently supported (I recommend you to add a new issue for that), we only support it as a SAN.The most common way to set the country, locality, and the rest of the subject fields is to define a template inside the
"authority"
object of the ca.json. Something like:These properties will be …