PassTLSClientCert

    PassTLSClientCert adds the selected data from the passed client TLS certificate to a header.

    Pass the pem in the X-Forwarded-Tls-Client-Cert header.

    Docker

    Kubernetes

    1. apiVersion: traefik.containo.us/v1alpha1
    2. kind: Middleware
    3. metadata:
    4.   name: test-passtlsclientcert
    5. spec:
    6.   passTLSClientCert:
    7.     pem: true

    Consul Catalog

    1. # Pass the pem in the `X-Forwarded-Tls-Client-Cert` header
    2. - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"

    Marathon

    1. "labels": {
    2.   "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem": "true"
    3. }

    Rancher

    1. # Pass the pem in the `X-Forwarded-Tls-Client-Cert` header.
    2. labels:
    3.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"

    File (YAML)

    1. # Pass the pem in the `X-Forwarded-Tls-Client-Cert` header.
    2. http:
    3.   middlewares:
    4.     test-passtlsclientcert:
    5.       passTLSClientCert:
    6.         pem: true

    File (TOML)

    1. # Pass the pem in the `X-Forwarded-Tls-Client-Cert` header.
    2. [http.middlewares]
    3.   [http.middlewares.test-passtlsclientcert.passTLSClientCert]
    4.     pem = true

    Pass the pem in the X-Forwarded-Tls-Client-Cert header

    Docker

    1. # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
    2. labels:
    3.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter=true"
    4.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore=true"
    5.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans=true"
    6.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.serialnumber=true"
    7.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname=true"
    8.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country=true"
    9.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent=true"
    10.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality=true"
    11.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization=true"
    12.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organizationalunit=true"
    13.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province=true"
    14.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber=true"
    15.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname=true"
    16.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country=true"
    17.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent=true"
    18.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality=true"
    19.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization=true"
    20.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province=true"
    21.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true"

    Kubernetes

    1. # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
    2. apiVersion: traefik.containo.us/v1alpha1
    3. kind: Middleware
    4. metadata:
    5.   name: test-passtlsclientcert
    6. spec:
    7.   passTLSClientCert:
    8.     info:
    9.       notAfter: true
    10.       notBefore: true
    11.       sans: true
    12.       subject:
    13.         country: true
    14.         province: true
    15.         locality: true
    16.         organization: true
    17.         organizationalUnit: true
    18.         commonName: true
    19.         serialNumber: true
    20.         domainComponent: true
    21.         country: true
    22.         province: true
    23.         locality: true
    24.         organization: true
    25.         commonName: true
    26.         serialNumber: true
    27.         domainComponent: true

    Consul Catalog

    1. # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
    2. - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter=true"
    3. - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore=true"
    4. - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans=true"
    5. - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname=true"
    6. - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country=true"
    7. - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent=true"
    8. - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality=true"
    9. - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization=true"
    10. - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organizationalunit=true"
    11. - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province=true"
    12. - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber=true"
    13. - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname=true"
    14. - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country=true"
    15. - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent=true"
    16. - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality=true"
    17. - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization=true"
    18. - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province=true"
    19. - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true"

    Marathon

    1. "labels": {
    2.   "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter": "true",
    3.   "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore": "true",
    4.   "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans": "true",
    5.   "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname": "true",
    6.   "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country": "true",
    7.   "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent": "true",
    8.   "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality": "true",
    9.   "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization": "true",
    10.   "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organizationalunit": "true",
    11.   "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province": "true",
    12.   "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber": "true",
    14.   "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country": "true",
    15.   "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent": "true",
    16.   "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality": "true",
    17.   "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization": "true",
    18.   "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province": "true",
    19.   "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber": "true"
    20. }

    Rancher

    1. # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
    2. labels:
    3.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter=true"
    4.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore=true"
    5.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans=true"
    6.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname=true"
    7.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country=true"
    8.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent=true"
    9.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality=true"
    10.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization=true"
    11.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organizationalunit=true"
    12.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province=true"
    13.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber=true"
    14.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname=true"
    15.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country=true"
    16.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent=true"
    17.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality=true"
    18.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization=true"
    19.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province=true"
    20.   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true"

    File (YAML)

    1. # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
    2. http:
    3.   middlewares:
    4.     test-passtlsclientcert:
    5.       passTLSClientCert:
    6.         info:
    7.           notAfter: true
    8.           notBefore: true
    9.           sans: true
    10.           subject:
    11.             country: true
    12.             province: true
    13.             locality: true
    14.             organization: true
    15.             organizationalUnit: true
    16.             commonName: true
    17.             serialNumber: true
    18.             domainComponent: true
    19.           issuer:
    20.             country: true
    21.             province: true
    22.             locality: true
    23.             organization: true
    24.             commonName: true
    25.             serialNumber: true
    26.             domainComponent: true

    File (TOML)

    1. [http.middlewares]
    2.   [http.middlewares.test-passtlsclientcert.passTLSClientCert]
    3.     [http.middlewares.test-passtlsclientcert.passTLSClientCert.info]
    4.       notAfter = true
    5.       notBefore = true
    6.       sans = true
    7.       [http.middlewares.test-passtlsclientcert.passTLSClientCert.info.subject]
    8.         country = true
    9.         province = true
    10.         locality = true
    11.         organization = true
    12.         organizationalUnit = true
    13.         commonName = true
    14.         serialNumber = true
    15.         domainComponent = true
    16.       [http.middlewares.test-passtlsclientcert.passTLSClientCert.info.issuer]
    17.         country = true
    18.         province = true
    19.         locality = true
    20.         organization = true
    21.         commonName = true
    22.         serialNumber = true
    23.         domainComponent = true

    Configuration Options

    PassTLSClientCert can add two headers to the request:

    • X-Forwarded-Tls-Client-Cert that contains the pem.
    • X-Forwarded-Tls-Client-Cert-Info that contains all the selected certificate information in an escaped string.

    Info

    • X-Forwarded-Tls-Client-Cert-Info header value is a string that has been escaped in order to be a valid URL query.
    • These options only work accordingly to the . That is to say, only the certificates that match the clientAuth.clientAuthType policy are passed.

    The following example shows a complete certificate and explains each of the middleware options.

    A complete client TLS certificate

    The pem option sets the X-Forwarded-Tls-Client-Cert header with the certificate.

    In the example, it is the part between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- delimiters:

    The data used by the pem option

    1. -----BEGIN CERTIFICATE-----
    2. MIIGWjCCBUKgAwIBAgIBATANBgkqhkiG9w0BAQUFADCCAYQxEzARBgoJkiaJk/Is
    3. ZAEZFgNvcmcxFjAUBgoJkiaJk/IsZAEZFgZjaGVlc2UxDzANBgNVBAoMBkNoZWVz
    4. ZTERMA8GA1UECgwIQ2hlZXNlIDIxHzAdBgNVBAsMFlNpbXBsZSBTaWduaW5nIFNl
    5. Y3Rpb24xITAfBgNVBAsMGFNpbXBsZSBTaWduaW5nIFNlY3Rpb24gMjEaMBgGA1UE
    6. AwwRU2ltcGxlIFNpZ25pbmcgQ0ExHDAaBgNVBAMME1NpbXBsZSBTaWduaW5nIENB
    7. IDIxCzAJBgNVBAYTAkZSMQswCQYDVQQGEwJVUzERMA8GA1UEBwwIVE9VTE9VU0Ux
    8. DTALBgNVBAcMBExZT04xFjAUBgNVBAgMDVNpZ25pbmcgU3RhdGUxGDAWBgNVBAgM
    9. D1NpZ25pbmcgU3RhdGUgMjEhMB8GCSqGSIb3DQEJARYSc2ltcGxlQHNpZ25pbmcu
    10. Y29tMSIwIAYJKoZIhvcNAQkBFhNzaW1wbGUyQHNpZ25pbmcuY29tMB4XDTE4MTIw
    11. NjExMTAxNloXDTIwMTIwNTExMTAxNlowggF2MRMwEQYKCZImiZPyLGQBGRYDb3Jn
    12. MRYwFAYKCZImiZPyLGQBGRYGY2hlZXNlMQ8wDQYDVQQKDAZDaGVlc2UxETAPBgNV
    13. BAoMCENoZWVzZSAyMR8wHQYDVQQLDBZTaW1wbGUgU2lnbmluZyBTZWN0aW9uMSEw
    14. HwYDVQQLDBhTaW1wbGUgU2lnbmluZyBTZWN0aW9uIDIxFTATBgNVBAMMDCouY2hl
    15. ZXNlLm9yZzEVMBMGA1UEAwwMKi5jaGVlc2UuY29tMQswCQYDVQQGEwJGUjELMAkG
    16. A1UEBhMCVVMxETAPBgNVBAcMCFRPVUxPVVNFMQ0wCwYDVQQHDARMWU9OMRkwFwYD
    17. VQQIDBBDaGVlc2Ugb3JnIHN0YXRlMRkwFwYDVQQIDBBDaGVlc2UgY29tIHN0YXRl
    18. MR4wHAYJKoZIhvcNAQkBFg9jZXJ0QGNoZWVzZS5vcmcxHzAdBgkqhkiG9w0BCQEW
    19. EGNlcnRAc2NoZWVzZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
    20. AQDed/qNA3AwOd1RG8xg26laE7Gv/izGOJuICg+O2RuhHa8NZuQTW7xdNpLXXtD6
    21. iCnTeOGB3piyqSI/v4qvEpJj1KnD8uR+0tyixTkceuvXEnBjLkFH4PAI6Ny+CQHs
    22. KAmvNdd5nFA10Wvlh3s09tIxZR0YQmlsBBGD/kSukJItC3U5V2LmFy9HK8dT3RAt
    23. yeMGE9K5umMuPH2Da9aJycydTb+f6KN72siZK7pm1o74QUGgydBeyBGkVUqTg4dj
    24. BGNBnPtoBGfCcS/yZR0CXRXbLNkEaYXCfQ3qO6yF+NSPD8VwskXh7LJUC+n3grSb
    25. Gy25JdSryo9bRD4V3bh/t+75AgMBAAGjgeAwgd0wDgYDVR0PAQH/BAQDAgWgMAkG
    26. A1UdEwQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQW
    27. BBSUunN4oof7WCgoz5g7wkVwFm4pLzAfBgNVHSMEGDAWgBQeUqLoVNU369WoHeTC
    28. BB034vdwAzBhBgNVHREEWjBYggwqLmNoZWVzZS5vcmeCDCouY2hlZXNlLm5ldIIM
    29. Ki5jaGVlc2UuY29thwQKAAEAhwQKAAECgQ90ZXN0QGNoZWVzZS5vcmeBD3Rlc3RA
    30. Y2hlZXNlLm5ldDANBgkqhkiG9w0BAQUFAAOCAQEAdmsFsA40EbGDmZHcrhviCBWL
    31. FrKbJxwCrLXfG9DQdaQrLFxl7Zmr983+OD/DmiIxG6yMHML5XdR1ei5yx4WpBK+f
    32. KszTlnXwjsfGdkisRaS5Ah4vwBXEBwiSyydQZ6HIBcU6s6ZIvuvVWauiG5UwcRNb
    33. CppzO2DMENBqx+XXiy/5Lpjy/4EUJAnjS1VXCRoidPH2QBMxQ4lxCpYaBYIfgzqH
    34. mxcl71pV8i3NDU3kgVi2440JYpoMveTlXPCV2svHNCw0X238YHsSW4b93yGJO0gI
    35. ML9n/4zmm1PMhzZHcEA72ZAq0tKCxpz10djg5v2qL5V+Oaz8TtTOZbPsxpiKMQ==
    36. -----END CERTIFICATE-----

    Extracted data

    The delimiters and \n will be removed. If there are more than one certificate, they are separated by a “,“.

    X-Forwarded-Tls-Client-Cert value could exceed the web server header size limit

    The header size limit of web servers is commonly between 4kb and 8kb. If that turns out to be a problem, and if reconfiguring the server to allow larger headers is not an option, one can alleviate the problem by selecting only the interesting parts of the cert, through the use of the info options described below. (And by setting pem to false).

    The info option selects the specific client certificate details you want to add to the header.

    The value of the header is an escaped concatenation of all the selected certificate details. But in the following, unless specified otherwise, all the header values examples are shown unescaped, for readability.

    The following example shows such a concatenation, when all the available fields are selected:

    1. Subject="DC=org,DC=cheese,C=FR,C=US,ST=Cheese org state,ST=Cheese com state,L=TOULOUSE,L=LYON,O=Cheese,O=Cheese 2,CN=*.example.com";Issuer="DC=org,DC=cheese,C=FR,C=US,ST=Signing State,ST=Signing State 2,L=TOULOUSE,L=LYON,O=Cheese,O=Cheese 2,CN=Simple Signing CA 2";NB="1544094616";NA="1607166616";SAN="*.example.org,*.example.net,*.example.com,[email protected],[email protected],10.0.1.0,10.0.1.2"

    If there are more than one certificate, they are separated by a ,.

    info.serialNumber

    Set the info.serialNumber option to true to add the Serial Number of the certificate.

    The data is taken from the following certificate part:

    1. Serial Number:
    2.    6a:2f:20:f8:ce:8d:48:52:ba:d9:bb:be:60:ec:bf:79

    And it is formatted as follows in the header (decimal representation):

    1. SerialNumber="141142874255168551917600297745052909433"

    info.notAfter

    Set the info.notAfter option to true to add the Not After information from the Validity part.

    The data is taken from the following certificate part:

    1. Validity
    2.     Not After : Dec  5 11:10:16 2020 GMT

    And it is formatted as follows in the header:

    1. NA="1607166616"

    info.notBefore

    Set the info.notBefore option to true to add the Not Before information from the Validity part.

    The data is taken from the following certificate part:

    1. Validity
    2.     Not Before: Dec  6 11:10:16 2018 GMT

    And it is formatted as follows in the header:

    1. NB="1544094616"

    info.sans

    Set the info.sans option to true to add the Subject Alternative Name information from the Subject Alternative Name part.

    The data is taken from the following certificate part:

    1. X509v3 Subject Alternative Name:
    2.    DNS:*.example.org, DNS:*.example.net, DNS:*.example.com, IP Address:10.0.1.0, IP Address:10.0.1.2, email:[email protected], email:[email protected]

    And it is formatted as follows in the header:

    1. SAN="*.example.org,*.example.net,*.example.com,[email protected],[email protected],10.0.1.0,10.0.1.2"

    Multiple values

    The SANs are separated by a ,.

    info.subject

    The info.subject selects the specific client certificate subject details you want to add to the X-Forwarded-Tls-Client-Cert-Info header.

    The data is taken from the following certificate part:

    1. Subject: DC=org, DC=cheese, O=Cheese, O=Cheese 2, OU=Simple Signing Section, OU=Simple Signing Section 2, CN=*.example.org, CN=*.example.com, C=FR, C=US, L=TOULOUSE, L=LYON, ST=Cheese org state, ST=Cheese com state/[email protected]/[email protected]
    info.subject.country

    Set the info.subject.country option to true to add the country information into the subject.

    The data is taken from the subject part with the C key.

    And it is formatted as follows in the header:

    1. C=FR,C=US
    info.subject.province

    Set the info.subject.province option to true to add the province information into the subject.

    The data is taken from the subject part with the ST key.

    And it is formatted as follows in the header:

    1. ST=Cheese org state,ST=Cheese com state
    info.subject.locality

    Set the info.subject.locality option to true to add the locality information into the subject.

    The data is taken from the subject part with the L key.

    And it is formatted as follows in the header:

    info.subject.organization

    Set the info.subject.organization option to true to add the organization information into the subject.

    The data is taken from the subject part with the O key.

    And it is formatted as follows in the header:

    1. O=Cheese,O=Cheese 2
    info.subject.organizationalUnit

    Set the info.subject.organizationalUnit option to true to add the organizationalUnit information into the subject.

    The data is taken from the subject part with the OU key.

    1. OU=Cheese Section,OU=Cheese Section 2
    info.subject.commonName

    Set the info.subject.commonName option to true to add the commonName information into the subject.

    The data is taken from the subject part with the CN key.

    And it is formatted as follows in the header:

    1. CN=*.example.com
    info.subject.serialNumber

    Set the info.subject.serialNumber option to true to add the serialNumber information into the subject.

    The data is taken from the subject part with the SN key.

    And it is formatted as follows in the header:

    1. SN=1234567890
    info.subject.domainComponent

    Set the info.subject.domainComponent option to true to add the domainComponent information into the subject.

    The data is taken from the subject part with the DC key.

    And it is formatted as follows in the header:

    1. DC=org,DC=cheese

    info.issuer

    The info.issuer selects the specific client certificate issuer details you want to add to the X-Forwarded-Tls-Client-Cert-Info header.

    The data is taken from the following certificate part:

    1. Issuer: DC=org, DC=cheese, O=Cheese, O=Cheese 2, OU=Simple Signing Section, OU=Simple Signing Section 2, CN=Simple Signing CA, CN=Simple Signing CA 2, C=FR, C=US, L=TOULOUSE, L=LYON, ST=Signing State, ST=Signing State 2/[email protected]/[email protected]
    info.issuer.country

    Set the info.issuer.country option to true to add the country information into the issuer.

    The data is taken from the issuer part with the C key.

    And it is formatted as follows in the header:

    1. C=FR,C=US
    info.issuer.province

    Set the info.issuer.province option to true to add the province information into the issuer.

    The data is taken from the issuer part with the ST key.

    And it is formatted as follows in the header:

    1. ST=Signing State,ST=Signing State 2
    info.issuer.locality

    Set the info.issuer.locality option to true to add the locality information into the issuer.

    The data is taken from the issuer part with the L key.

    And it is formatted as follows in the header:

    1. L=TOULOUSE,L=LYON
    info.issuer.organization

    Set the info.issuer.organization option to true to add the organization information into the issuer.

    The data is taken from the issuer part with the O key.

    And it is formatted as follows in the header:

    1. O=Cheese,O=Cheese 2
    info.issuer.commonName

    Set the info.issuer.commonName option to true to add the commonName information into the issuer.

    The data is taken from the issuer part with the CN key.

    And it is formatted as follows in the header:

    1. CN=Simple Signing CA 2
    info.issuer.serialNumber

    Set the info.issuer.serialNumber option to true to add the serialNumber information into the issuer.

    The data is taken from the issuer part with the SN key.

    And it is formatted as follows in the header:

    1. SN=1234567890
    info.issuer.domainComponent

    Set the info.issuer.domainComponent option to true to add the domainComponent information into the issuer.

    The data is taken from the issuer part with the key.

    1. DC=org,DC=cheese