For iid provisioners use only the csr name if custom sans is disabled.

The provisioner will validate the common name om a list of options.
2020-07-14 12:42:46 -07:00 · 2020-07-14 12:42:46 -07:00 · 69902b0153
commit 69902b0153
parent b11486f41f
1 changed files with 2 additions and 1 deletions
--- a/x509util/templates.go
+++ b/x509util/templates.go
@ -78,10 +78,11 @@ const DefaultLeafTemplate = `{
 // The keyUsage "keyEncipherment" is special and it will be only used for RSA
 // keys.
 const DefaultIIDLeafTemplate = `{
-	"subject": {{ toJson .CR.Subject }},
 	{{- if .SANs }}
+	"subject": {"commonName": "{{ .CR.Subject.CommonName }}"},
 	"sans": {{ toJson .SANs }},
 	{{- else }}
+	"subject": {{ toJson .CR.Subject }},
 	"dnsNames": {{ toJson .CR.DNSNames }},
 	"emailAddresses": {{ toJson .CR.EmailAddresses }},
 	"ipAddresses": {{ toJson .CR.IPAddresses }},