From 8bcb489635632a4ed4b416315b59fc44c496ec1c Mon Sep 17 00:00:00 2001 From: Markus Merklinger Date: Mon, 15 Jan 2024 14:49:47 +0100 Subject: [PATCH] Add information to CSR generation --- nitrokey3/windows/piv.rst | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/nitrokey3/windows/piv.rst b/nitrokey3/windows/piv.rst index 38bfef2033..5e8063b478 100644 --- a/nitrokey3/windows/piv.rst +++ b/nitrokey3/windows/piv.rst @@ -53,13 +53,22 @@ This step can take a couple of minutes for RSA keys, as the pure software implem 2. Generate a Certificate Signing Request (CSR) ----------------------------------------------- -This step generates a certificate for the key in the authentication slot. ``pivy-tool -n 'Nitro Test' -u "nitro@test.nitrokey.com" -T user-auth req-cert 9A`` +The following command generates a certificate signing request (CSR) for the key in the authentication slot. -The ``Nitro Test`` username and the ``nitro@test.nitrokey.com`` email address must be changed to own values. +.. code-block:: + + pivy-tool -n -u -T user-auth req-cert 9A -Expected output: +In the above command replace ```` and ```` with their respective values. +The values are based on the Active Directory user account, for which the CSR is generated. +The value for ```` is the value of the ``commonName`` attribute. +Depending on the *Workstation Authentication Template* configuration this field might needs to contain the value from the ``distinguishedName`` attribute. +The value for ```` is the value of the ``userPrincipal`` attribute. + +A successful generation of the CSR returns the certificate request in PEM format. .. code-block:: + -----BEGIN CERTIFICATE REQUEST----- MIIC4DCCAcgCAQEwFTETMBEGA1UEAwwKTml0cm8gVGVzdDCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAMo7kQ3CsreooECAOTKrW1+LDknGegIQiIzdVz7w 
@@ -79,7 +88,7 @@ Expected output: eGQvuPRBmR71GRkGmqu+e1oyze8= -----END CERTIFICATE REQUEST----- -Copy the certificate signing request to a file ``request.csr`` +Save the certificate signing request to a file ``request.csr`` 3. Sign the CSR ---------------
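Review bot: In the first hunk (section 2 of piv.rst), the added sentence gives the source of the ``-u`` value as the ``userPrincipal`` attribute, but the Active Directory attribute is named ``userPrincipalName``, so a reader looking up ``userPrincipal`` on the account will not find it. Suggest correcting the attribute name. In the same hunk, "this field might needs to contain" should read "might need to contain", and that sentence would be more useful if it named the template setting that decides between ``commonName`` and ``distinguishedName``. The removed example quoted its ``-n`` argument (``'Nitro Test'``); the new text no longer shows that a value containing spaces must be quoted on the command line, which matters more once a distinguished name is allowed. As the patch appears here, the command ``pivy-tool -n -u -T user-auth req-cert 9A`` and the "replace ... and ..." sentence show no placeholder names after ``-n`` and ``-u``, so it is worth checking that the placeholders survive rendering. The two added ``.. code-block::`` directives also have no language argument; adding one would make the highlighting explicit.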
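Review bot: In the second hunk, the changed line "Save the certificate signing request to a file ``request.csr``" still ends without a period and does not say that the ``-----BEGIN CERTIFICATE REQUEST-----`` and ``-----END CERTIFICATE REQUEST-----`` lines are part of what has to be saved. Suggest stating that the complete PEM block, including both marker lines, goes into ``request.csr``, since the next step signs that file.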