Infisical Certificate Manager: Support CSR with unknown fields #5696
Closed
NothingTooSerious
started this conversation in
Feature Request
Replies: 2 comments
-
|
Hey @NothingTooSerious! You should be able to add these to your certificate policy since these fields are supported under the subject attributes 
|
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Hi, |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
An enhancement is needed to support creating custom fields in the template policy or allow CSR with unknown fields to be transparently presented to the upstream CA for signing.
Often embedded clients do not support importing certificates, instead they generate a private key locally and create a CSR for signing. Typically the CSR can be presented to Lets Encrypt, signed and then successfully imported back into the embedded client.
This CSR may include fields that can not be removed, including:
Infisical does not support editing the template policy to handle CSR with such fields present. This prevents Infisical from forwarding the CSR to an upstream provider for signing.
Today, Infisical is very strict and rejects the CSR contains any unknown fields with the following error messages:
Reproduction
Expect a signed certificate, instead get the error messages.
Beta Was this translation helpful? Give feedback.
All reactions