While designing and implementing your Public Key Infrastructure (PKI) architecture, you may want to generate a certificate with two custom fields, for example "URL_1" and "URL_2". If you use the other_sans option to add these data entries, you will notice that they are added under the X509v3 Subject Alternative Name block and NOT under the X509v3 Extended Key Usage block.
This is expected behaviour, as the Vault PKI Secrets Engine does not support custom fields while generating or signing certificates.
The recommended approach is to have the custom fields already included in the Certificate Signing Request (CSR) and to use the sign-verbatim endpoint to sign the CSR, as described in PKI Secrets Engine - Sign Verbatim.
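The approach above as a shell sketch, added here as an example and not taken from the Vault documentation: it builds a CSR that already carries the two custom fields as extensions, checks that they are present, and submits it to sign-verbatim. The OIDs (under 1.3.6.1.4.1.32473, the arc RFC 5612 reserves for documentation), the URLs, the CN, the function names and the "pki" mount path are all assumptions.

```shell
#!/bin/sh
# Added example. Constructed values: OIDs, URLs, CN and the "pki" mount path.
OID_URL_1="1.3.6.1.4.1.32473.1.1"   # stands in for custom field URL_1
OID_URL_2="1.3.6.1.4.1.32473.1.2"   # stands in for custom field URL_2

# make_csr DIR: writes DIR/key.pem and DIR/req.csr with both custom extensions.
make_csr() {
    dir=$1
    cat > "$dir/req.cnf" <<EOF
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = custom_ext

[ dn ]
CN = svc.example.internal

[ custom_ext ]
$OID_URL_1 = ASN1:UTF8String:https://one.example.internal/
$OID_URL_2 = ASN1:UTF8String:https://two.example.internal/
EOF
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/req.cnf" \
        -keyout "$dir/key.pem" -out "$dir/req.csr" 2>/dev/null
}

# csr_has_extension CSR OID: succeeds only if the CSR requests that extension.
# Run this before signing: sign-verbatim takes its values from the CSR as-is.
csr_has_extension() {
    openssl req -in "$1" -noout -text | grep -q "^ *$2:"
}

# sign_verbatim CSR: prints the issued certificate (PEM). Needs a reachable
# Vault with VAULT_ADDR and VAULT_TOKEN set; the mount path is an assumption.
sign_verbatim() {
    vault write -field=certificate pki/sign-verbatim csr=@"$1"
}

# Typical use:
#   d=$(mktemp -d) && make_csr "$d"
#   csr_has_extension "$d/req.csr" "$OID_URL_1" && sign_verbatim "$d/req.csr"
```

Inspecting the issued certificate with openssl x509 -noout -text should list the same two OIDs among its X509v3 extensions.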
The available option other_sans, as described in the documentation, is intended only for SAN extensions.
The data added to the certificate using the option other_sans will be listed under X509v3 Subject Alternative Name as