Vault pki role allow_subdomains=false


What is the usage of allow_subdomains=false
in role vault write pki/roles/cud allowed_domains=cud.local allow_subdomains=false

as I cannot generate certificate for a host in this domain

vault write pki/issue/cud
Error writing data to pki/issue/cud: Error making API request.

URL: PUT http://localhost:8200/v1/pki/issue/cud
Code: 400. Errors:

* common name not allowed by this role

That works with allow_subdomains=true but I would like prevent creation of

Any help appreciated,