Advanced settings: Overriding system defaults
DigiCert follows system-enforced rules that take priority over your customization while processing your certificate requests. This is necessary for enforcing security policies and maintaining a consistent level of trust.
Overriding these rules could weaken your security, introduce inconsistencies, or make it easier for malicious actors to obtain certificates.
However, you can bypass these rules if you want more flexibility in your certificates or have unique needs. For example:
If you need to allow custom combinations of key usage or extended key usage extensions.
If you need to define extensions or attributes outside the standard constraints.
Parameters
Use the following advanced flags while defining an object to override the system rules for that object.
Flag | Description |
|---|---|
skip_validation | DigiCert skips default field validation for certificates requested using this template. |
allow_value_override | DigiCert allows certificates requested using this template to override the default field values. |
Example JSON
The following example shows how to override the system rules for the key_usage extension:
"key_usage": {
"critical": true,
"skip_validation": true,
"allow_value_override": true,
"required_usages": {
"rsa": ["cert_sign", "crl_sign"]
}
}