You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/en/docs/reference/access-authn-authz/certificate-signing-requests.md
+5-6Lines changed: 5 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -67,12 +67,11 @@ Custom signerNames can also be specified. All signers should provide information
67
67
This includes:
68
68
69
69
1.**Trust distribution**: how trust (CA bundles) are distributed.
70
-
1.**Permitted subjects**: any restrictions on and behavior when a disallowed subject is requested.
71
-
1.**Permitted x509 extensions**: including IP subjectAltNames, DNS subjectAltNames, Email subjectAltNames, URI subjectAltNames etc, and behavior when a disallowed extension is requested.
72
-
1.**Permitted key usages / extended key usages**: any restrictions on and behavior when usages different than the signer-determined usages are specified in the CSR.
73
-
1.**Expiration/certificate lifetime**: whether it is fixed by the signer, configurable by the admin, determined by the CSR object etc
74
-
and the behavior when an expiration is different than the signer-determined expiration that is specified in the CSR.
75
-
1.**CA bit allowed/disallowed**: and behavior if a CSR contains a request a for a CA certificate when the signer does not permit it.
70
+
1.**Permitted subjects**: any restrictions on requested subjects, and the behavior when a disallowed subject is requested.
71
+
1.**Permitted x509 extensions**: including IP subjectAltNames, DNS subjectAltNames, Email subjectAltNames, URI subjectAltNames etc, and the behavior when a disallowed extension is requested.
72
+
1.**Permitted key usages / extended key usages**: any restrictions on requested usages, and the behavior when usages different than the signer-determined usages are specified in the CSR.
73
+
1.**Expiration/certificate lifetime**: whether it is fixed by the signer, configurable by the admin, determined by the CSR object etc, and the behavior when an expiration different than the signer-determined expiration is specified in the CSR.
74
+
1.**CA bit allowed/disallowed**: the behavior if a CSR contains a request for a CA certificate when the signer does not permit it.
76
75
77
76
Commonly, the `status.certificate` field contains a single PEM-encoded X.509
78
77
certificate once the CSR is approved and the certificate is issued. Some
0 commit comments