
SAN

SAN allows you to define the subject alternative name extensions in the certificate.

Example JSON: Subject alternative names

With domain name (DNS), user principal name (UPN), and email

{
  ...
  "extensions": {
    "san": {
      "critical": false,
      "dns_name": {
        "include": "yes",
        "auto_include_cn": "no",
        "allowed_source": [
          "csr",
          "fixed_value",
          "user_supplied"
        ]
      },
      "user_principal_name": {
        "include": "yes",
        "allowed_source": [
          "csr",
          "fixed_value",
          "user_supplied"
        ]
      },
      "email": {
        "include": "yes",
        "allowed_source": [
          "csr",
          "fixed_value",
          "user_supplied"
        ]
      }
    }
  }
}

With other name hardware module name

{
  ...
  "extensions": {
    "san": {
      "critical": false,
      "other_name": {
        "required_types": [
          "hardware_module_name"
        ],
        "hardware_module_name": {
          "type": "1.2.240.458.10003.3.12",
          "serial_num": "aabbcc001122"
        }
      }
    }
  }
}

With other name raw types

{
  ...
  "extensions": {
    "san": {
      "critical": false,
      "other_name": {
        "required_raw_types": [
          "1.2.3.456.7890.1",
          "1.2.3.456.7890.2"
        ],
        "optional_raw_types": [
          "1.2.3.456.7890.3",
          "1.2.3.456.7890.4"
        ]
      }
    }
  }
}

Parameters: Subject alternative names

| Name | Type | Req/Opt | Description |
| --- | --- | --- | --- |
| san | object | optional | Subject alternative name (SAN) extension details. |
| .. critical | boolean | optional | If true, the SAN extension is critical. If false (default), the SAN extension is not critical. |
| .. dns_name | object | optional | DNS name details. |
| .. .. include | string | optional | Defines whether the SAN DNS name is included in the certificate. Possible values: yes: include SAN DNS name in the certificate; optional: if provided, include SAN DNS name in the certificate; no (default): do not include SAN DNS name in the certificate. |
| .. .. auto_include_cn | string | optional | Defines whether the common name is included and where it is placed in the list of DNS names. Possible values: top (default): add the common name as the first item in the DNS name list; bottom: add the common name as the last item in the DNS name list; no: do not add the common name. |
| .. .. allowed_source | array of strings | required | Defines the allowed source of the SAN DNS value. Possible values: csr: sourced from the CSR; user_supplied: provided in the certificate request (only applies to the API, Portal, and Batch enrollment methods); fixed_value (default): defined in the certificate profile. The fixed value is used when no csr or user_supplied value is provided. |
| .. user_principal_name | object | optional | User principal name (UPN) details. |
| .. .. include | string | optional | Defines whether the SAN UPN is included in the certificate. Possible values: yes: include SAN UPN in the certificate; optional: if provided in the request, include SAN UPN in the certificate; no (default): do not include SAN UPN in the certificate. |
| .. .. allowed_source | array of strings | required | Defines the allowed source of the SAN UPN value. Possible values: csr: sourced from the CSR; user_supplied: provided in the certificate request (only applies to the API, Portal, and Batch enrollment methods); fixed_value (default): defined in the certificate profile. The fixed value is used when no csr or user_supplied value is provided. |
| .. email | object | optional | SAN email details. |
| .. .. include | string | optional | Defines whether the SAN email is included in the certificate. Possible values: yes: include SAN email in the certificate; optional: if provided in the request, include SAN email in the certificate; no (default): do not include SAN email in the certificate. |
| .. .. allowed_source | array of strings | required | Defines the allowed source of the SAN email value. Possible values: csr: sourced from the CSR; user_supplied: provided in the certificate request (only applies to the API, Portal, and Batch enrollment methods); fixed_value (default): defined in the certificate profile. The fixed value is used when no csr or user_supplied value is provided. |
| .. other_name | object | optional | Other name details. |
| .. .. required_raw_types | array of strings | conditional | List of required OIDs that must be included in raw input. Only required when you need to define a raw other name. |
| .. .. optional_raw_types | array of strings | optional | List of optional OIDs that can be included in raw input. Only use when you need to define a raw other name. |
| .. .. required_types | array of strings | conditional | List of required OIDs; should include hardware_module_name.type. Only required when you need to define a hardware module name. |
| .. .. hardware_module_name | object | optional | Hardware module name details. |
| .. .. .. type | string | required | OID |
| .. .. .. serial_num | string | optional | Hex encoded binary value |
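
The following is an added example, not part of the original documentation or any vendor tooling: a small Python lint that applies the value constraints from the parameter table to an extensions.san object before a profile is submitted, and reports which included SAN types can take their value from the CSR or the request. The function names, the OID syntax check and the even-length rule for serial_num are assumptions made for the example.

```python
import re

TYPES = ("dns_name", "user_principal_name", "email")
INCLUDE = {"yes", "optional", "no"}
AUTO_CN = {"top", "bottom", "no"}
SOURCES = {"csr", "user_supplied", "fixed_value"}
OID = re.compile(r"[0-2](\.(0|[1-9]\d*))+")
HEX = re.compile(r"([0-9a-fA-F]{2})+")  # assumption: whole bytes, even length

def lint_san(san):
    """Return problems found in a profile's extensions.san object."""
    errs = []
    for key in (k for k in TYPES if k in san):
        if san[key].get("include", "no") not in INCLUDE:
            errs.append(f"{key}.include: expected yes, optional or no")
        src = san[key].get("allowed_source")
        if not isinstance(src, list):
            errs.append(f"{key}.allowed_source: required array is missing")
        elif set(src) - SOURCES:
            errs.append(f"{key}.allowed_source: unknown source value")
    if san.get("dns_name", {}).get("auto_include_cn", "top") not in AUTO_CN:
        errs.append("dns_name.auto_include_cn: expected top, bottom or no")
    other = san.get("other_name", {})
    for field in ("required_raw_types", "optional_raw_types"):
        errs += [f"other_name.{field}: {oid!r} is not a dotted OID"
                 for oid in other.get(field, []) if not OID.fullmatch(oid)]
    hmn = other.get("hardware_module_name")
    if hmn is not None:
        if not other.get("required_types"):
            errs.append("other_name.required_types: needed here")
        if not OID.fullmatch(hmn.get("type", "")):
            errs.append("hardware_module_name.type: an OID is required")
        if not HEX.fullmatch(hmn.get("serial_num", "00")):
            errs.append("hardware_module_name.serial_num: not hex bytes")
    return errs

def requester_controlled(san):
    """Included SAN types whose value can come from the CSR or the request."""
    return [k for k in TYPES
            if san.get(k, {}).get("include", "no") != "no"
            and {"csr", "user_supplied"} & set(san[k].get("allowed_source", []))]

# Constructed sample with deliberate mistakes (not a real profile).
SAMPLE = {"dns_name": {"include": "always", "auto_include_cn": "first"},
          "email": {"include": "optional", "allowed_source": ["csr"]},
          "other_name": {"required_raw_types": ["1.2.3.456.7890.1", "1.2.x"],
                         "hardware_module_name": {"serial_num": "abc"}}}

print(*lint_san(SAMPLE), requester_controlled(SAMPLE), sep="\n")
```
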