update Certificate example and add literalSubject field

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
cert-manager · Jun 5, 2024 · cf233bb · cf233bb
1 parent b0aa36b
commit cf233bb
Showing 1 changed file with 32 additions and 18 deletions.
diff --git a/content/docs/usage/certificate.md b/content/docs/usage/certificate.md
@@ -58,35 +58,58 @@ spec:
     labels:
       my-secret-label: foo
 
+  privateKey:
+    algorithm: RSA
+    encoding: PKCS1
+    size: 2048
+
+  # keystores allows adding additional output formats. This is an example for reference only.
+  keystores:
+    pkcs12:
+      create: true
+      passwordSecretRef:
+        name: example-com-tls-keystore
+        key: password
+      profile: Modern2023
+
   duration: 2160h # 90d
   renewBefore: 360h # 15d
+
+  isCA: false
+  usages:
+    - server auth
+    - client auth
+
   subject:
     organizations:
       - jetstack
   # The use of the common name field has been deprecated since 2000 and is
   # discouraged from being used.
   commonName: example.com
-  isCA: false
-  privateKey:
-    algorithm: RSA
-    encoding: PKCS1
-    size: 2048
-  usages:
-    - server auth
-    - client auth
-  # At least one of a DNS Name, URI, IP address or otherName is required.
+
+  # The literalSubject field is exclusive with subject and commonName. It allows
+  # specifying the subject directly as a string. This is useful for when the order
+  # of the subject fields is important or when the subject contains special types
+  # which can be specified by their OID.
+  #
+  # literalSubject: "O=jetstack, CN=example.com, 2.5.4.42=John, 2.5.4.4=Doe"
+
+  # At least one of commonName (possibly through literalSubject), dnsNames, uris, emailAddresses, ipAddresses or otherNames is required.
   dnsNames:
     - example.com
     - www.example.com
   uris:
     - spiffe://cluster.local/ns/sandbox/sa/example
+  emailAddresses:
+    - john.doe@cert-manager.io
   ipAddresses:
     - 192.168.0.5
   # Needs cert-manager 1.14+ and "OtherNames" feature flag
   otherNames:
     # Should only supply oid of ut8 valued types
     - oid: 1.3.6.1.4.1.311.20.2.3 # User Principal Name "OID"
       utf8Value: upn@example.local
+
   # Issuer references are always required.
   issuerRef:
     name: ca-issuer
@@ -96,15 +119,6 @@ spec:
     # This is optional since cert-manager will default to this value however
     # if you are using an external issuer, change this to that issuer group.
     group: cert-manager.io
-
-  # keystores allows adding additional output formats. This is an example for reference only.
-  keystores:
-    pkcs12:
-      create: true
-      passwordSecretRef:
-        name: example-com-tls-keystore
-        key: password
-      profile: Modern2023
 ```
 
 The signed certificate will be stored in a `Secret` resource named