Advanced Rule Settings Using Regular Expressions
When configuring a new issuing template, you can use regular expressions
(regex), such as .* and [a-z], to create complex and powerful patterns in
any of the following fields on the New Issuing Template page:
- Common Name
- DNS SAN
- IP Addresses SAN
- URI SAN
- Email Addresses SAN
Examples of Common Uses
Common Name example that allows all subdomains of acme.com:
.*[.]acme[.]com
DNS SAN example that allows all subdomains except wildcards for acme.com:
[a-zA-Z0-9-]*[.]acme[.]com
IP Addresses SAN example that ensures the value complies with RFC 1918 (IPv4 private address):
^(10|172[.](1[6-9]|2[0-9]|3[0-1])|192[.]168)[.].*
URI SAN example that allows any subdomain of acme.com that starts with https://, ldaps://, or spiffe://:
(https|ldaps|spiffe)://.*\.acme\.com
Email Addresses SAN example that allows all addresses that end in acme.com:
.*@acme[.]com
Regular Expression Syntax Reference
| Syntax | Description | Example | Matches |
|---|---|---|---|
| * | Matches zero or more of the preceding element; .* matches any number of characters, including none. | .*[.]acme[.]com | site-1.acme.com, www.acme.com, \*.acme.com |
| . | Matches a single character. | .?team[.]acme[.]com | ateam.acme.com, bteam.acme.com, 1team.acme.com |
| [abc] | Matches one character given in the bracket. | [tmb]ike[.]acme[.]com | tike.acme.com, mike.acme.com, bike.acme.com |
| [a-z] | Matches one character from the range given in the bracket. | [w-z]-net[.]acme[.]com | w-net.acme.com, x-net.acme.com, y-net.acme.com, z-net.acme.com |
| [^0-9] | Matches one character outside the range given in the bracket. | [^0-3][yz][.]acme[.]com | 4y.acme.com, 5z.acme.com, 6y.acme.com |
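
Patterns like the ones on this page can be checked against values that must be allowed and values that must be denied before they go into an issuing template. The following is an added example, not part of the original documentation or the product's code; it assumes the whole value must match (Python `re.fullmatch`), and `STRICT_DNS`, `LOOSE_DNS` and all sample values are constructed for illustration.

```python
import ipaddress
import re

# CN and RFC1918 are the page's examples. STRICT_DNS and LOOSE_DNS are
# constructed variants; LOOSE_DNS leaves the dot in "acme.com" unescaped.
CN = r".*[.]acme[.]com"
STRICT_DNS = r"[a-zA-Z0-9-]+[.]acme[.]com"
LOOSE_DNS = r"[a-zA-Z0-9-]*[.]acme.com"
RFC1918 = r"^(10|172[.](1[6-9]|2[0-9]|3[0-1])|192[.]168)[.].*"

# Constructed sample values, not taken from a real inventory.
DNS_ALLOW = ["www.acme.com", "site-1.acme.com"]
DNS_DENY = ["*.acme.com", "www.acmexcom", "www.acme.com.evil.example"]
IP_VALUES = ["10.1.2.3", "172.16.5.4", "192.168.0.1",
             "10.0.0.999", "10.example.org", "172.32.0.1"]
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit(pattern, must_allow, must_deny):
    """Return (problem, value) pairs the pattern gets wrong.

    Assumption: the whole value must match (re.fullmatch). The product's
    regex engine and anchoring rules may differ from Python's.
    """
    rx = re.compile(pattern)
    wrong = [("rejected", v) for v in must_allow if not rx.fullmatch(v)]
    wrong += [("accepted", v) for v in must_deny if rx.fullmatch(v)]
    return wrong


def is_rfc1918(value):
    """True only if value parses as IPv4 and lies in an RFC 1918 block."""
    try:
        ip = ipaddress.IPv4Address(value)
    except ValueError:
        return False
    return any(ip in net for net in PRIVATE_NETS)


def regex_only_accepts(pattern, values):
    """Values the regex accepts although they are not RFC 1918 addresses."""
    rx = re.compile(pattern)
    return [v for v in values if rx.fullmatch(v) and not is_rfc1918(v)]


if __name__ == "__main__":
    for name, pat in [("CN", CN), ("STRICT_DNS", STRICT_DNS), ("LOOSE_DNS", LOOSE_DNS)]:
        print(name, audit(pat, DNS_ALLOW, DNS_DENY))
    print("RFC1918 regex only:", regex_only_accepts(RFC1918, IP_VALUES))
```

Under these assumptions the Common Name pattern accepts the wildcard `*.acme.com`, the bare-dot variant accepts `www.acmexcom`, and the RFC 1918 pattern acts as a prefix check that also accepts strings that are not valid IPv4 addresses.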