By default, OpenXPKI reads only the CN of the subject of the requesting certificate. The rest of the information, such as country, locality, and DC, are hard‑coded. For example, if a certificate subject is C=US, ST=KY, L=Lexington, O=Lexmark, OU=ISS, CN=ET0021B7C34AEC.dhcp.dev.lexmark.com, then after signing the certificate through SCEP, the subject is changed to DC=Test Deployment, DC= OpenXPKI, CN=ET0021B7C34AEC.dhcp.dev.lexmark.com.
Note: REALM NAME is the name of the realm. For example, ca‑one.
In /etc/openxpki/config.d/realm/REALM NAME/profile/I18N_OPENXPKI_PROFILE_TLS_SERVER.yaml, from the enroll section, change the value of dn to the following:
CN=[% CN.0 %][% IF OU %][% FOREACH entry = OU %],OU=[% entry %][% END %][% END %][% IF O %][% FOREACH entry = O %],O=[% entry %][% END %][% END %][% IF L %],L=[% L.0 %][% END %][% IF ST %],ST=[% ST.0 %][% END %][% IF C %],C=[% C.0 %][% END %][% IF DC %][% FOREACH entry = DC %],DC=[% entry %][% END %][% END %][% IF EMAIL %][% FOREACH entry = EMAIL %],EMAIL=[% entry %][% END %][% END %]
Save the file.
Create a file titled l.yaml in the /etc/openxpki/config.d/realm/REALM NAME/profile/template directory.
Add the following:
id: L
label: L
description: I18N_OPENXPKI_UI_PROFILE_L_DESC
preset: L
type: freetext
width: 60
placeholder: Kolkata
Save the file.
Create a file titled st.yaml in the /etc/openxpki/config.d/realm/REALM NAME/profile/template directory.
Add the following:
id: ST
label: ST
description: I18N_OPENXPKI_UI_PROFILE_ST_DESC
preset: ST
type: freetext
width: 60
placeholder: WB
Save the file.
Note: OpenXPKI must own both files and must be readable, writable, and executable.
Restart the OpenXPKI service using openxpkictl restart.