From 3716b1896fcd8a21647ebea0f577265673cf8d3c Mon Sep 17 00:00:00 2001
From: Carl Tashian <carl@smallstep.com>
Date: Wed, 10 Jul 2024 08:29:32 -0700
Subject: [PATCH] Add .Inseucre.CR.RawSubject

---
 step-ca/templates.mdx | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/step-ca/templates.mdx b/step-ca/templates.mdx
index f27f99a4..f2a21808 100644
--- a/step-ca/templates.mdx
+++ b/step-ca/templates.mdx
@@ -135,14 +135,21 @@ Here are some common variables available in X.509 certificate templates:
 - **.Insecure.CR.EmailAddresses**:
   The Email Address SANs provided in the CSR
 
+- **.Insecure.CR.Subject**:
+  The CSR subject field.
+
 - **.Insecure.CR.Subject.CommonName**:
-  The Common Name (CN) provided in the CSR's subject
+  The Common Name (CN) from the CSR subject
 
 - **.Insecure.CR.Subject.ExtraNames**:
-  The Extra Names provided in the CSR subject.
+  The Extra Names from the CSR subject.
   This is an array of all subject distinguished names (DNs) in the CSR.
   Each contains an OID (`type`) and a value (`value`).
 
+- **.Insecure.CR.RawSubject**:
+  The original subject asn.1 value from the CSR.
+  Use this if your application requires that the certificate subject and CSR subject match exactly.
+
 - **.Insecure.CR.PublicKey**:
   The public key provided in the certificate request.
   You can check the request's key type with a conditional, like `{{- if typeIs "*rsa.PublicKey" .Insecure.CR.PublicKey }}`.