We are trying to use the Vault PKI to sign certificate requests for devices and the platforms running on them.
In order to use the certificate to identify the device and the platform we are trying to conform to the Trusted Computing Group (TCG) standards.
TCG Standards Link: TCG Standards link
The Platform certificate suggestion (Section 3.2 in the above document) is to have the Platform attributes (Manufacturer, Model, Version, Serial, ManufacturerId) embedded within the SubjectAlternativeName field using the DirectoryName type.
From the Vault PKI documentation for signing a certificate (https://www.vaultproject.io/api/secret/pki/index.html#sign-certificate) I see a mention of ip_sans, uri_sans, alt_names (dns and hostname). There seems to be no mention of the other GeneralNames. Is there something in the Vault open source version roadmap to provide support for the GeneralNames in the SubjectAlternativeName (SAN) as mentioned in RFC 5280, Section 126.96.36.199?