Select this subject builder to replace DN (Distinguished Name) variables in a template with variables from the CSR (Certificate Signing Request).
Example: building the Common Name from Subject Variables
To build the final DN, the following template expects an enrollment request with subject variables for "First Name" and "Last Name".
When subject variables are sent, any fields in the template are considered required and must be supplied in the request as subject variables.
- name: "Use TemplateSubjectBuilder" unique-id: "CA-1003-PROF-1002" subject-variable-requirements: - name: First Name description: "First Name" required: true - name: Last Name description: "Last Name" required: true subject-builder-config: subject-builder-name: "com.entrust.adminservices.cagw.common.subjects.TemplateSubjectBuilder" properties: template: "cn=<First Name> <Last Name>, ou=CA01,o=pki,dc=test,dc=com"For example, when receiving the following request values.
"subjectVariables" : [ { "type" : "First Name", "value" : "PKI" }, { "type" : "Last Name", "value" : "Test" } ]The template builds the following Distinguished Name.
cn=PKI Test,ou=CA01,o=pki,dc=test,dc=comExample: building the Common Name when no Subject Variables are provided
To build the final DN when no Subject Variables are provided, the following template parses the CSR for common name.
When no subject variables are sent, this configuration will scrape the CN and UID from the CSR. No other fields are supported.
- name: "Use TemplateSubjectBuilder" unique-id: "CA-1003-PROF-1002" subject-builder-config: subject-builder-name: "com.entrust.adminservices.cagw.common.subjects.TemplateSubjectBuilder" properties: template: "cn=<cn>,ou=CA01,o=pki,dc=test,dc=com"Parsing a CSR with multiple common names requires indexing the template output, starting with cn.1. For example;
template: "cn=<cn.1>, cn=<cn.2>, cn=<cn.3>, ou=CA01,o=pki,dc=test,dc=com"The use of <CN> or <cn> should be consistent.