Rename otherNameSANs to otherNames

* Improve the CRD godoc comments Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-13 16:21:56 +00:00 · 2023-12-13 16:21:56 +00:00 · 4bdee5f010
commit 4bdee5f010
parent 45a8bb7edf
24 changed files with 189 additions and 183 deletions
--- a/deploy/crds/crd-certificates.yaml
+++ b/deploy/crds/crd-certificates.yaml
@ -226,18 +226,18 @@ spec:
                          type: array
                          items:
                            type: string
-                otherNameSANs:
-                  description: Any String-like OID type using oid:x.x.x.x type and StringValue value can be used for `otherName`. `otherName` is an escape hatch for SAN that allows any type but we restrict to string like, cf RFC 5280 p 37 You should ensure that the OID is valid for the string type as we do not validate this.
+                otherNames:
+                  description: '`otherNames` is an escape hatch for SAN that allows any type. We currently restrict the support to string like otherNames, cf RFC 5280 p 37 Any UTF8 String valued otherName can be passed with by setting the keys oid: x.x.x.x and UTF8Value: somevalue for `otherName`. Most commonly this would be UPN set with oid: 1.3.6.1.4.1.311.20.2.3 You should ensure that any OID passed is valid for the UTF8String type as we do not explicitly validate this.'
                  type: array
                  items:
                    type: object
                    properties:
-                      oid:
-                        description: OID is the object identifier for the otherName SAN. The object identifier must be expressed as a dotted string, for example, "1.2.840.113549.1.9.1".
-                        type: string
-                      utf8Value:
+                      UTF8Value:
                        description: Utf8Value is the string value of the otherName SAN. The string value represents a UTF-8 encoded asn1 value.
                        type: string
+                      oid:
+                        description: OID is the object identifier for the otherName SAN. The object identifier must be expressed as a dotted string, for example, "1.2.840.113556.1.4.221".
+                        type: string
                privateKey:
                  description: Private key options. These include the key algorithm and size, the used encoding and the rotation policy.
                  type: object
--- a/internal/apis/certmanager/types_certificate.go
+++ b/internal/apis/certmanager/types_certificate.go
@ -167,10 +167,12 @@ type CertificateSpec struct {
 	// Requested email subject alternative names.
 	EmailAddresses []string

-	// You should ensure that the OID is valid for the string type as we do not validate this.
-	// otherName is most commonly as a user identifier called the UPN (User Principal Name) in LDAP
-	// technically any oid can be used in `otherName` as it is a kind of escape hatch for SANs
-	OtherNameSANs []OtherNameSAN
+	// `otherNames` is an escape hatch for SAN that allows any type. We currently restrict the support to string like otherNames, cf RFC 5280 p 37
+	// Any UTF8 String valued otherName can be passed with by setting the keys oid: x.x.x.x and UTF8Value: somevalue for `otherName`.
+	// Most commonly this would be UPN set with oid: 1.3.6.1.4.1.311.20.2.3
+	// You should ensure that any OID passed is valid for the UTF8String type as we do not explicitly validate this.
+	// +optional
+	OtherNames []OtherName `json:"otherNames,omitempty"`

 	// Name of the Secret resource that will be automatically created and
 	// managed by this Certificate resource. It will be populated with a
@ -252,15 +254,15 @@ type CertificateSpec struct {
 	NameConstraints *NameConstraints
 }

-type OtherNameSAN struct {
+type OtherName struct {
 	// OID is the object identifier for the otherName SAN.
 	// The object identifier must be expressed as a dotted string, for
-	// example, "1.2.840.113549.1.9.1".
-	OID string
+	// example, "1.2.840.113556.1.4.221".
+	OID string `json:"oid,omitempty"`

 	// Utf8Value is the string value of the otherName SAN.
 	// The string value represents a UTF-8 encoded asn1 value.
-	Utf8Value string
+	UTF8Value string `json:"UTF8Value,omitempty"`
 }

 // CertificatePrivateKey contains configuration options for private keys
--- a/internal/apis/certmanager/v1/zz_generated.conversion.go
+++ b/internal/apis/certmanager/v1/zz_generated.conversion.go
@ -304,13 +304,13 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
-	if err := s.AddGeneratedConversionFunc((*v1.OtherNameSAN)(nil), (*certmanager.OtherNameSAN)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1_OtherNameSAN_To_certmanager_OtherNameSAN(a.(*v1.OtherNameSAN), b.(*certmanager.OtherNameSAN), scope)
+	if err := s.AddGeneratedConversionFunc((*v1.OtherName)(nil), (*certmanager.OtherName)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_v1_OtherName_To_certmanager_OtherName(a.(*v1.OtherName), b.(*certmanager.OtherName), scope)
 	}); err != nil {
 		return err
 	}
-	if err := s.AddGeneratedConversionFunc((*certmanager.OtherNameSAN)(nil), (*v1.OtherNameSAN)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_certmanager_OtherNameSAN_To_v1_OtherNameSAN(a.(*certmanager.OtherNameSAN), b.(*v1.OtherNameSAN), scope)
+	if err := s.AddGeneratedConversionFunc((*certmanager.OtherName)(nil), (*v1.OtherName)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_certmanager_OtherName_To_v1_OtherName(a.(*certmanager.OtherName), b.(*v1.OtherName), scope)
 	}); err != nil {
 		return err
 	}
@ -856,7 +856,7 @@ func autoConvert_v1_CertificateSpec_To_certmanager_CertificateSpec(in *v1.Certif
 	out.DNSNames = *(*[]string)(unsafe.Pointer(&in.DNSNames))
 	out.IPAddresses = *(*[]string)(unsafe.Pointer(&in.IPAddresses))
 	out.URIs = *(*[]string)(unsafe.Pointer(&in.URIs))
-	out.OtherNameSANs = *(*[]certmanager.OtherNameSAN)(unsafe.Pointer(&in.OtherNameSANs))
+	out.OtherNames = *(*[]certmanager.OtherName)(unsafe.Pointer(&in.OtherNames))
 	out.EmailAddresses = *(*[]string)(unsafe.Pointer(&in.EmailAddresses))
 	out.SecretName = in.SecretName
 	out.SecretTemplate = (*certmanager.CertificateSecretTemplate)(unsafe.Pointer(in.SecretTemplate))
@ -897,7 +897,7 @@ func autoConvert_certmanager_CertificateSpec_To_v1_CertificateSpec(in *certmanag
 	out.IPAddresses = *(*[]string)(unsafe.Pointer(&in.IPAddresses))
 	out.URIs = *(*[]string)(unsafe.Pointer(&in.URIs))
 	out.EmailAddresses = *(*[]string)(unsafe.Pointer(&in.EmailAddresses))
-	out.OtherNameSANs = *(*[]v1.OtherNameSAN)(unsafe.Pointer(&in.OtherNameSANs))
+	out.OtherNames = *(*[]v1.OtherName)(unsafe.Pointer(&in.OtherNames))
 	out.SecretName = in.SecretName
 	out.SecretTemplate = (*v1.CertificateSecretTemplate)(unsafe.Pointer(in.SecretTemplate))
 	if in.Keystores != nil {
@ -1337,26 +1337,26 @@ func Convert_certmanager_NameConstraints_To_v1_NameConstraints(in *certmanager.N
 	return autoConvert_certmanager_NameConstraints_To_v1_NameConstraints(in, out, s)
 }

-func autoConvert_v1_OtherNameSAN_To_certmanager_OtherNameSAN(in *v1.OtherNameSAN, out *certmanager.OtherNameSAN, s conversion.Scope) error {
+func autoConvert_v1_OtherName_To_certmanager_OtherName(in *v1.OtherName, out *certmanager.OtherName, s conversion.Scope) error {
 	out.OID = in.OID
-	out.Utf8Value = in.Utf8Value
+	out.UTF8Value = in.UTF8Value
 	return nil
 }

-// Convert_v1_OtherNameSAN_To_certmanager_OtherNameSAN is an autogenerated conversion function.
-func Convert_v1_OtherNameSAN_To_certmanager_OtherNameSAN(in *v1.OtherNameSAN, out *certmanager.OtherNameSAN, s conversion.Scope) error {
-	return autoConvert_v1_OtherNameSAN_To_certmanager_OtherNameSAN(in, out, s)
+// Convert_v1_OtherName_To_certmanager_OtherName is an autogenerated conversion function.
+func Convert_v1_OtherName_To_certmanager_OtherName(in *v1.OtherName, out *certmanager.OtherName, s conversion.Scope) error {
+	return autoConvert_v1_OtherName_To_certmanager_OtherName(in, out, s)
 }

-func autoConvert_certmanager_OtherNameSAN_To_v1_OtherNameSAN(in *certmanager.OtherNameSAN, out *v1.OtherNameSAN, s conversion.Scope) error {
+func autoConvert_certmanager_OtherName_To_v1_OtherName(in *certmanager.OtherName, out *v1.OtherName, s conversion.Scope) error {
 	out.OID = in.OID
-	out.Utf8Value = in.Utf8Value
+	out.UTF8Value = in.UTF8Value
 	return nil
 }

-// Convert_certmanager_OtherNameSAN_To_v1_OtherNameSAN is an autogenerated conversion function.
-func Convert_certmanager_OtherNameSAN_To_v1_OtherNameSAN(in *certmanager.OtherNameSAN, out *v1.OtherNameSAN, s conversion.Scope) error {
-	return autoConvert_certmanager_OtherNameSAN_To_v1_OtherNameSAN(in, out, s)
+// Convert_certmanager_OtherName_To_v1_OtherName is an autogenerated conversion function.
+func Convert_certmanager_OtherName_To_v1_OtherName(in *certmanager.OtherName, out *v1.OtherName, s conversion.Scope) error {
+	return autoConvert_certmanager_OtherName_To_v1_OtherName(in, out, s)
 }

 func autoConvert_v1_PKCS12Keystore_To_certmanager_PKCS12Keystore(in *v1.PKCS12Keystore, out *certmanager.PKCS12Keystore, s conversion.Scope) error {
--- a/internal/apis/certmanager/v1alpha2/types_certificate.go
+++ b/internal/apis/certmanager/v1alpha2/types_certificate.go
@ -135,11 +135,12 @@ type CertificateSpec struct {
 	// +optional
 	EmailSANs []string `json:"emailSANs,omitempty"`

-	// Any String-like OID type using oid:x.x.x.x type and StringValue value can be used for `otherName`.
-	// `otherName` is an escape hatch for SAN that allows any type but we restrict to string like, cf RFC 5280 p 37
-	// You should ensure that the OID is valid for the string type as we do not validate this.
+	// `otherNames` is an escape hatch for SAN that allows any type. We currently restrict the support to string like otherNames, cf RFC 5280 p 37
+	// Any UTF8 String valued otherName can be passed with by setting the keys oid: x.x.x.x and UTF8Value: somevalue for `otherName`.
+	// Most commonly this would be UPN set with oid: 1.3.6.1.4.1.311.20.2.3
+	// You should ensure that any OID passed is valid for the UTF8String type as we do not explicitly validate this.
 	// +optional
-	OtherNameSANs []OtherNameSAN `json:"otherNameSANs,omitempty"`
+	OtherNames []OtherName `json:"otherNames,omitempty"`

 	// SecretName is the name of the secret resource that will be automatically
 	// created and managed by this Certificate resource.
@ -240,15 +241,15 @@ type CertificateSpec struct {
 	NameConstraints *NameConstraints `json:"nameConstraints,omitempty"`
 }

-type OtherNameSAN struct {
+type OtherName struct {
 	// OID is the object identifier for the otherName SAN.
 	// The object identifier must be expressed as a dotted string, for
-	// example, "1.2.840.113549.1.9.1".
+	// example, "1.2.840.113556.1.4.221".
 	OID string `json:"oid,omitempty"`

 	// Utf8Value is the string value of the otherName SAN.
 	// The string value represents a UTF-8 encoded asn1 value.
-	Utf8Value string `json:"utf8Value,omitempty"`
+	UTF8Value string `json:"UTF8Value,omitempty"`
 }

 // CertificatePrivateKey contains configuration options for private keys
--- a/internal/apis/certmanager/v1alpha2/zz_generated.conversion.go
+++ b/internal/apis/certmanager/v1alpha2/zz_generated.conversion.go
@ -277,13 +277,13 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
-	if err := s.AddGeneratedConversionFunc((*OtherNameSAN)(nil), (*certmanager.OtherNameSAN)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha2_OtherNameSAN_To_certmanager_OtherNameSAN(a.(*OtherNameSAN), b.(*certmanager.OtherNameSAN), scope)
+	if err := s.AddGeneratedConversionFunc((*OtherName)(nil), (*certmanager.OtherName)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_v1alpha2_OtherName_To_certmanager_OtherName(a.(*OtherName), b.(*certmanager.OtherName), scope)
 	}); err != nil {
 		return err
 	}
-	if err := s.AddGeneratedConversionFunc((*certmanager.OtherNameSAN)(nil), (*OtherNameSAN)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_certmanager_OtherNameSAN_To_v1alpha2_OtherNameSAN(a.(*certmanager.OtherNameSAN), b.(*OtherNameSAN), scope)
+	if err := s.AddGeneratedConversionFunc((*certmanager.OtherName)(nil), (*OtherName)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_certmanager_OtherName_To_v1alpha2_OtherName(a.(*certmanager.OtherName), b.(*OtherName), scope)
 	}); err != nil {
 		return err
 	}
@ -846,7 +846,7 @@ func autoConvert_v1alpha2_CertificateSpec_To_certmanager_CertificateSpec(in *Cer
 	out.IPAddresses = *(*[]string)(unsafe.Pointer(&in.IPAddresses))
 	// WARNING: in.URISANs requires manual conversion: does not exist in peer-type
 	// WARNING: in.EmailSANs requires manual conversion: does not exist in peer-type
-	out.OtherNameSANs = *(*[]certmanager.OtherNameSAN)(unsafe.Pointer(&in.OtherNameSANs))
+	out.OtherNames = *(*[]certmanager.OtherName)(unsafe.Pointer(&in.OtherNames))
 	out.SecretName = in.SecretName
 	out.SecretTemplate = (*certmanager.CertificateSecretTemplate)(unsafe.Pointer(in.SecretTemplate))
 	if in.Keystores != nil {
@ -900,7 +900,7 @@ func autoConvert_certmanager_CertificateSpec_To_v1alpha2_CertificateSpec(in *cer
 	out.IPAddresses = *(*[]string)(unsafe.Pointer(&in.IPAddresses))
 	// WARNING: in.URIs requires manual conversion: does not exist in peer-type
 	// WARNING: in.EmailAddresses requires manual conversion: does not exist in peer-type
-	out.OtherNameSANs = *(*[]OtherNameSAN)(unsafe.Pointer(&in.OtherNameSANs))
+	out.OtherNames = *(*[]OtherName)(unsafe.Pointer(&in.OtherNames))
 	out.SecretName = in.SecretName
 	out.SecretTemplate = (*CertificateSecretTemplate)(unsafe.Pointer(in.SecretTemplate))
 	if in.Keystores != nil {
@ -1343,26 +1343,26 @@ func Convert_certmanager_NameConstraints_To_v1alpha2_NameConstraints(in *certman
 	return autoConvert_certmanager_NameConstraints_To_v1alpha2_NameConstraints(in, out, s)
 }

-func autoConvert_v1alpha2_OtherNameSAN_To_certmanager_OtherNameSAN(in *OtherNameSAN, out *certmanager.OtherNameSAN, s conversion.Scope) error {
+func autoConvert_v1alpha2_OtherName_To_certmanager_OtherName(in *OtherName, out *certmanager.OtherName, s conversion.Scope) error {
 	out.OID = in.OID
-	out.Utf8Value = in.Utf8Value
+	out.UTF8Value = in.UTF8Value
 	return nil
 }

-// Convert_v1alpha2_OtherNameSAN_To_certmanager_OtherNameSAN is an autogenerated conversion function.
-func Convert_v1alpha2_OtherNameSAN_To_certmanager_OtherNameSAN(in *OtherNameSAN, out *certmanager.OtherNameSAN, s conversion.Scope) error {
-	return autoConvert_v1alpha2_OtherNameSAN_To_certmanager_OtherNameSAN(in, out, s)
+// Convert_v1alpha2_OtherName_To_certmanager_OtherName is an autogenerated conversion function.
+func Convert_v1alpha2_OtherName_To_certmanager_OtherName(in *OtherName, out *certmanager.OtherName, s conversion.Scope) error {
+	return autoConvert_v1alpha2_OtherName_To_certmanager_OtherName(in, out, s)
 }

-func autoConvert_certmanager_OtherNameSAN_To_v1alpha2_OtherNameSAN(in *certmanager.OtherNameSAN, out *OtherNameSAN, s conversion.Scope) error {
+func autoConvert_certmanager_OtherName_To_v1alpha2_OtherName(in *certmanager.OtherName, out *OtherName, s conversion.Scope) error {
 	out.OID = in.OID
-	out.Utf8Value = in.Utf8Value
+	out.UTF8Value = in.UTF8Value
 	return nil
 }

-// Convert_certmanager_OtherNameSAN_To_v1alpha2_OtherNameSAN is an autogenerated conversion function.
-func Convert_certmanager_OtherNameSAN_To_v1alpha2_OtherNameSAN(in *certmanager.OtherNameSAN, out *OtherNameSAN, s conversion.Scope) error {
-	return autoConvert_certmanager_OtherNameSAN_To_v1alpha2_OtherNameSAN(in, out, s)
+// Convert_certmanager_OtherName_To_v1alpha2_OtherName is an autogenerated conversion function.
+func Convert_certmanager_OtherName_To_v1alpha2_OtherName(in *certmanager.OtherName, out *OtherName, s conversion.Scope) error {
+	return autoConvert_certmanager_OtherName_To_v1alpha2_OtherName(in, out, s)
 }

 func autoConvert_v1alpha2_PKCS12Keystore_To_certmanager_PKCS12Keystore(in *PKCS12Keystore, out *certmanager.PKCS12Keystore, s conversion.Scope) error {
--- a/internal/apis/certmanager/v1alpha2/zz_generated.deepcopy.go
+++ b/internal/apis/certmanager/v1alpha2/zz_generated.deepcopy.go
@ -441,9 +441,9 @@ func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
-	if in.OtherNameSANs != nil {
-		in, out := &in.OtherNameSANs, &out.OtherNameSANs
-		*out = make([]OtherNameSAN, len(*in))
+	if in.OtherNames != nil {
+		in, out := &in.OtherNames, &out.OtherNames
+		*out = make([]OtherName, len(*in))
 		copy(*out, *in)
 	}
 	if in.SecretTemplate != nil {
@ -862,17 +862,17 @@ func (in *NameConstraints) DeepCopy() *NameConstraints {
 }

 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *OtherNameSAN) DeepCopyInto(out *OtherNameSAN) {
+func (in *OtherName) DeepCopyInto(out *OtherName) {
 	*out = *in
 	return
 }

-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OtherNameSAN.
-func (in *OtherNameSAN) DeepCopy() *OtherNameSAN {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OtherName.
+func (in *OtherName) DeepCopy() *OtherName {
 	if in == nil {
 		return nil
 	}
-	out := new(OtherNameSAN)
+	out := new(OtherName)
 	in.DeepCopyInto(out)
 	return out
 }
--- a/internal/apis/certmanager/v1alpha3/types_certificate.go
+++ b/internal/apis/certmanager/v1alpha3/types_certificate.go
@ -133,11 +133,12 @@ type CertificateSpec struct {
 	// +optional
 	EmailSANs []string `json:"emailSANs,omitempty"`

-	// Any String-like OID type using oid:x.x.x.x type and StringValue value can be used for `otherName`.
-	// `otherName` is an escape hatch for SAN that allows any type but we restrict to string like, cf RFC 5280 p 37
-	// You should ensure that the OID is valid for the string type as we do not validate this.
+	// `otherNames` is an escape hatch for SAN that allows any type. We currently restrict the support to string like otherNames, cf RFC 5280 p 37
+	// Any UTF8 String valued otherName can be passed with by setting the keys oid: x.x.x.x and UTF8Value: somevalue for `otherName`.
+	// Most commonly this would be UPN set with oid: 1.3.6.1.4.1.311.20.2.3
+	// You should ensure that any OID passed is valid for the UTF8String type as we do not explicitly validate this.
 	// +optional
-	OtherNameSANs []OtherNameSAN `json:"otherNameSANs,omitempty"`
+	OtherNames []OtherName `json:"otherNames,omitempty"`

 	// SecretName is the name of the secret resource that will be automatically
 	// created and managed by this Certificate resource.
@ -238,15 +239,15 @@ type CertificateSpec struct {
 	NameConstraints *NameConstraints `json:"nameConstraints,omitempty"`
 }

-type OtherNameSAN struct {
+type OtherName struct {
 	// OID is the object identifier for the otherName SAN.
 	// The object identifier must be expressed as a dotted string, for
-	// example, "1.2.840.113549.1.9.1".
+	// example, "1.2.840.113556.1.4.221".
 	OID string `json:"oid,omitempty"`

 	// Utf8Value is the string value of the otherName SAN.
 	// The string value represents a UTF-8 encoded asn1 value.
-	Utf8Value string `json:"utf8Value,omitempty"`
+	UTF8Value string `json:"UTF8Value,omitempty"`
 }

 // CertificatePrivateKey contains configuration options for private keys
--- a/internal/apis/certmanager/v1alpha3/zz_generated.conversion.go
+++ b/internal/apis/certmanager/v1alpha3/zz_generated.conversion.go
@ -277,13 +277,13 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
-	if err := s.AddGeneratedConversionFunc((*OtherNameSAN)(nil), (*certmanager.OtherNameSAN)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha3_OtherNameSAN_To_certmanager_OtherNameSAN(a.(*OtherNameSAN), b.(*certmanager.OtherNameSAN), scope)
+	if err := s.AddGeneratedConversionFunc((*OtherName)(nil), (*certmanager.OtherName)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_v1alpha3_OtherName_To_certmanager_OtherName(a.(*OtherName), b.(*certmanager.OtherName), scope)
 	}); err != nil {
 		return err
 	}
-	if err := s.AddGeneratedConversionFunc((*certmanager.OtherNameSAN)(nil), (*OtherNameSAN)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_certmanager_OtherNameSAN_To_v1alpha3_OtherNameSAN(a.(*certmanager.OtherNameSAN), b.(*OtherNameSAN), scope)
+	if err := s.AddGeneratedConversionFunc((*certmanager.OtherName)(nil), (*OtherName)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_certmanager_OtherName_To_v1alpha3_OtherName(a.(*certmanager.OtherName), b.(*OtherName), scope)
 	}); err != nil {
 		return err
 	}
@ -845,7 +845,7 @@ func autoConvert_v1alpha3_CertificateSpec_To_certmanager_CertificateSpec(in *Cer
 	out.IPAddresses = *(*[]string)(unsafe.Pointer(&in.IPAddresses))
 	// WARNING: in.URISANs requires manual conversion: does not exist in peer-type
 	// WARNING: in.EmailSANs requires manual conversion: does not exist in peer-type
-	out.OtherNameSANs = *(*[]certmanager.OtherNameSAN)(unsafe.Pointer(&in.OtherNameSANs))
+	out.OtherNames = *(*[]certmanager.OtherName)(unsafe.Pointer(&in.OtherNames))
 	out.SecretName = in.SecretName
 	out.SecretTemplate = (*certmanager.CertificateSecretTemplate)(unsafe.Pointer(in.SecretTemplate))
 	if in.Keystores != nil {
@ -899,7 +899,7 @@ func autoConvert_certmanager_CertificateSpec_To_v1alpha3_CertificateSpec(in *cer
 	out.IPAddresses = *(*[]string)(unsafe.Pointer(&in.IPAddresses))
 	// WARNING: in.URIs requires manual conversion: does not exist in peer-type
 	// WARNING: in.EmailAddresses requires manual conversion: does not exist in peer-type
-	out.OtherNameSANs = *(*[]OtherNameSAN)(unsafe.Pointer(&in.OtherNameSANs))
+	out.OtherNames = *(*[]OtherName)(unsafe.Pointer(&in.OtherNames))
 	out.SecretName = in.SecretName
 	out.SecretTemplate = (*CertificateSecretTemplate)(unsafe.Pointer(in.SecretTemplate))
 	if in.Keystores != nil {
@ -1342,26 +1342,26 @@ func Convert_certmanager_NameConstraints_To_v1alpha3_NameConstraints(in *certman
 	return autoConvert_certmanager_NameConstraints_To_v1alpha3_NameConstraints(in, out, s)
 }

-func autoConvert_v1alpha3_OtherNameSAN_To_certmanager_OtherNameSAN(in *OtherNameSAN, out *certmanager.OtherNameSAN, s conversion.Scope) error {
+func autoConvert_v1alpha3_OtherName_To_certmanager_OtherName(in *OtherName, out *certmanager.OtherName, s conversion.Scope) error {
 	out.OID = in.OID
-	out.Utf8Value = in.Utf8Value
+	out.UTF8Value = in.UTF8Value
 	return nil
 }

-// Convert_v1alpha3_OtherNameSAN_To_certmanager_OtherNameSAN is an autogenerated conversion function.
-func Convert_v1alpha3_OtherNameSAN_To_certmanager_OtherNameSAN(in *OtherNameSAN, out *certmanager.OtherNameSAN, s conversion.Scope) error {
-	return autoConvert_v1alpha3_OtherNameSAN_To_certmanager_OtherNameSAN(in, out, s)
+// Convert_v1alpha3_OtherName_To_certmanager_OtherName is an autogenerated conversion function.
+func Convert_v1alpha3_OtherName_To_certmanager_OtherName(in *OtherName, out *certmanager.OtherName, s conversion.Scope) error {
+	return autoConvert_v1alpha3_OtherName_To_certmanager_OtherName(in, out, s)
 }

-func autoConvert_certmanager_OtherNameSAN_To_v1alpha3_OtherNameSAN(in *certmanager.OtherNameSAN, out *OtherNameSAN, s conversion.Scope) error {
+func autoConvert_certmanager_OtherName_To_v1alpha3_OtherName(in *certmanager.OtherName, out *OtherName, s conversion.Scope) error {
 	out.OID = in.OID
-	out.Utf8Value = in.Utf8Value
+	out.UTF8Value = in.UTF8Value
 	return nil
 }

-// Convert_certmanager_OtherNameSAN_To_v1alpha3_OtherNameSAN is an autogenerated conversion function.
-func Convert_certmanager_OtherNameSAN_To_v1alpha3_OtherNameSAN(in *certmanager.OtherNameSAN, out *OtherNameSAN, s conversion.Scope) error {
-	return autoConvert_certmanager_OtherNameSAN_To_v1alpha3_OtherNameSAN(in, out, s)
+// Convert_certmanager_OtherName_To_v1alpha3_OtherName is an autogenerated conversion function.
+func Convert_certmanager_OtherName_To_v1alpha3_OtherName(in *certmanager.OtherName, out *OtherName, s conversion.Scope) error {
+	return autoConvert_certmanager_OtherName_To_v1alpha3_OtherName(in, out, s)
 }

 func autoConvert_v1alpha3_PKCS12Keystore_To_certmanager_PKCS12Keystore(in *PKCS12Keystore, out *certmanager.PKCS12Keystore, s conversion.Scope) error {
--- a/internal/apis/certmanager/v1alpha3/zz_generated.deepcopy.go
+++ b/internal/apis/certmanager/v1alpha3/zz_generated.deepcopy.go
@ -436,9 +436,9 @@ func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
-	if in.OtherNameSANs != nil {
-		in, out := &in.OtherNameSANs, &out.OtherNameSANs
-		*out = make([]OtherNameSAN, len(*in))
+	if in.OtherNames != nil {
+		in, out := &in.OtherNames, &out.OtherNames
+		*out = make([]OtherName, len(*in))
 		copy(*out, *in)
 	}
 	if in.SecretTemplate != nil {
@ -857,17 +857,17 @@ func (in *NameConstraints) DeepCopy() *NameConstraints {
 }

 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *OtherNameSAN) DeepCopyInto(out *OtherNameSAN) {
+func (in *OtherName) DeepCopyInto(out *OtherName) {
 	*out = *in
 	return
 }

-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OtherNameSAN.
-func (in *OtherNameSAN) DeepCopy() *OtherNameSAN {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OtherName.
+func (in *OtherName) DeepCopy() *OtherName {
 	if in == nil {
 		return nil
 	}
-	out := new(OtherNameSAN)
+	out := new(OtherName)
 	in.DeepCopyInto(out)
 	return out
 }
--- a/internal/apis/certmanager/v1beta1/types_certificate.go
+++ b/internal/apis/certmanager/v1beta1/types_certificate.go
@ -134,11 +134,12 @@ type CertificateSpec struct {
 	// +optional
 	EmailSANs []string `json:"emailSANs,omitempty"`

-	// Any String-like OID type using oid:x.x.x.x type and StringValue value can be used for `otherName`.
-	// `otherName` is an escape hatch for SAN that allows any type but we restrict to string like, cf RFC 5280 p 37
-	// You should ensure that the OID is valid for the string type as we do not validate this.
+	// `otherNames` is an escape hatch for SAN that allows any type. We currently restrict the support to string like otherNames, cf RFC 5280 p 37
+	// Any UTF8 String valued otherName can be passed with by setting the keys oid: x.x.x.x and UTF8Value: somevalue for `otherName`.
+	// Most commonly this would be UPN set with oid: 1.3.6.1.4.1.311.20.2.3
+	// You should ensure that any OID passed is valid for the UTF8String type as we do not explicitly validate this.
 	// +optional
-	OtherNameSANs []OtherNameSAN `json:"otherNameSANs,omitempty"`
+	OtherNames []OtherName `json:"otherNames,omitempty"`

 	// SecretName is the name of the secret resource that will be automatically
 	// created and managed by this Certificate resource.
@ -215,15 +216,15 @@ type CertificateSpec struct {
 	NameConstraints *NameConstraints `json:"nameConstraints,omitempty"`
 }

-type OtherNameSAN struct {
+type OtherName struct {
 	// OID is the object identifier for the otherName SAN.
 	// The object identifier must be expressed as a dotted string, for
-	// example, "1.2.840.113549.1.9.1".
+	// example, "1.2.840.113556.1.4.221".
 	OID string `json:"oid,omitempty"`

 	// Utf8Value is the string value of the otherName SAN.
 	// The string value represents a UTF-8 encoded asn1 value.
-	Utf8Value string `json:"utf8Value,omitempty"`
+	UTF8Value string `json:"UTF8Value,omitempty"`
 }

 // CertificatePrivateKey contains configuration options for private keys
--- a/internal/apis/certmanager/v1beta1/zz_generated.conversion.go
+++ b/internal/apis/certmanager/v1beta1/zz_generated.conversion.go
@ -292,13 +292,13 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
-	if err := s.AddGeneratedConversionFunc((*OtherNameSAN)(nil), (*certmanager.OtherNameSAN)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1beta1_OtherNameSAN_To_certmanager_OtherNameSAN(a.(*OtherNameSAN), b.(*certmanager.OtherNameSAN), scope)
+	if err := s.AddGeneratedConversionFunc((*OtherName)(nil), (*certmanager.OtherName)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_v1beta1_OtherName_To_certmanager_OtherName(a.(*OtherName), b.(*certmanager.OtherName), scope)
 	}); err != nil {
 		return err
 	}
-	if err := s.AddGeneratedConversionFunc((*certmanager.OtherNameSAN)(nil), (*OtherNameSAN)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_certmanager_OtherNameSAN_To_v1beta1_OtherNameSAN(a.(*certmanager.OtherNameSAN), b.(*OtherNameSAN), scope)
+	if err := s.AddGeneratedConversionFunc((*certmanager.OtherName)(nil), (*OtherName)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_certmanager_OtherName_To_v1beta1_OtherName(a.(*certmanager.OtherName), b.(*OtherName), scope)
 	}); err != nil {
 		return err
 	}
@ -855,7 +855,7 @@ func autoConvert_v1beta1_CertificateSpec_To_certmanager_CertificateSpec(in *Cert
 	out.IPAddresses = *(*[]string)(unsafe.Pointer(&in.IPAddresses))
 	// WARNING: in.URISANs requires manual conversion: does not exist in peer-type
 	// WARNING: in.EmailSANs requires manual conversion: does not exist in peer-type
-	out.OtherNameSANs = *(*[]certmanager.OtherNameSAN)(unsafe.Pointer(&in.OtherNameSANs))
+	out.OtherNames = *(*[]certmanager.OtherName)(unsafe.Pointer(&in.OtherNames))
 	out.SecretName = in.SecretName
 	out.SecretTemplate = (*certmanager.CertificateSecretTemplate)(unsafe.Pointer(in.SecretTemplate))
 	if in.Keystores != nil {
@ -890,7 +890,7 @@ func autoConvert_certmanager_CertificateSpec_To_v1beta1_CertificateSpec(in *cert
 	out.IPAddresses = *(*[]string)(unsafe.Pointer(&in.IPAddresses))
 	// WARNING: in.URIs requires manual conversion: does not exist in peer-type
 	// WARNING: in.EmailAddresses requires manual conversion: does not exist in peer-type
-	out.OtherNameSANs = *(*[]OtherNameSAN)(unsafe.Pointer(&in.OtherNameSANs))
+	out.OtherNames = *(*[]OtherName)(unsafe.Pointer(&in.OtherNames))
 	out.SecretName = in.SecretName
 	out.SecretTemplate = (*CertificateSecretTemplate)(unsafe.Pointer(in.SecretTemplate))
 	if in.Keystores != nil {
@ -1325,26 +1325,26 @@ func Convert_certmanager_NameConstraints_To_v1beta1_NameConstraints(in *certmana
 	return autoConvert_certmanager_NameConstraints_To_v1beta1_NameConstraints(in, out, s)
 }

-func autoConvert_v1beta1_OtherNameSAN_To_certmanager_OtherNameSAN(in *OtherNameSAN, out *certmanager.OtherNameSAN, s conversion.Scope) error {
+func autoConvert_v1beta1_OtherName_To_certmanager_OtherName(in *OtherName, out *certmanager.OtherName, s conversion.Scope) error {
 	out.OID = in.OID
-	out.Utf8Value = in.Utf8Value
+	out.UTF8Value = in.UTF8Value
 	return nil
 }

-// Convert_v1beta1_OtherNameSAN_To_certmanager_OtherNameSAN is an autogenerated conversion function.
-func Convert_v1beta1_OtherNameSAN_To_certmanager_OtherNameSAN(in *OtherNameSAN, out *certmanager.OtherNameSAN, s conversion.Scope) error {
-	return autoConvert_v1beta1_OtherNameSAN_To_certmanager_OtherNameSAN(in, out, s)
+// Convert_v1beta1_OtherName_To_certmanager_OtherName is an autogenerated conversion function.
+func Convert_v1beta1_OtherName_To_certmanager_OtherName(in *OtherName, out *certmanager.OtherName, s conversion.Scope) error {
+	return autoConvert_v1beta1_OtherName_To_certmanager_OtherName(in, out, s)
 }

-func autoConvert_certmanager_OtherNameSAN_To_v1beta1_OtherNameSAN(in *certmanager.OtherNameSAN, out *OtherNameSAN, s conversion.Scope) error {
+func autoConvert_certmanager_OtherName_To_v1beta1_OtherName(in *certmanager.OtherName, out *OtherName, s conversion.Scope) error {
 	out.OID = in.OID
-	out.Utf8Value = in.Utf8Value
+	out.UTF8Value = in.UTF8Value
 	return nil
 }

-// Convert_certmanager_OtherNameSAN_To_v1beta1_OtherNameSAN is an autogenerated conversion function.
-func Convert_certmanager_OtherNameSAN_To_v1beta1_OtherNameSAN(in *certmanager.OtherNameSAN, out *OtherNameSAN, s conversion.Scope) error {
-	return autoConvert_certmanager_OtherNameSAN_To_v1beta1_OtherNameSAN(in, out, s)
+// Convert_certmanager_OtherName_To_v1beta1_OtherName is an autogenerated conversion function.
+func Convert_certmanager_OtherName_To_v1beta1_OtherName(in *certmanager.OtherName, out *OtherName, s conversion.Scope) error {
+	return autoConvert_certmanager_OtherName_To_v1beta1_OtherName(in, out, s)
 }

 func autoConvert_v1beta1_PKCS12Keystore_To_certmanager_PKCS12Keystore(in *PKCS12Keystore, out *certmanager.PKCS12Keystore, s conversion.Scope) error {
--- a/internal/apis/certmanager/v1beta1/zz_generated.deepcopy.go
+++ b/internal/apis/certmanager/v1beta1/zz_generated.deepcopy.go
@ -436,9 +436,9 @@ func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
-	if in.OtherNameSANs != nil {
-		in, out := &in.OtherNameSANs, &out.OtherNameSANs
-		*out = make([]OtherNameSAN, len(*in))
+	if in.OtherNames != nil {
+		in, out := &in.OtherNames, &out.OtherNames
+		*out = make([]OtherName, len(*in))
 		copy(*out, *in)
 	}
 	if in.SecretTemplate != nil {
@ -857,17 +857,17 @@ func (in *NameConstraints) DeepCopy() *NameConstraints {
 }

 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *OtherNameSAN) DeepCopyInto(out *OtherNameSAN) {
+func (in *OtherName) DeepCopyInto(out *OtherName) {
 	*out = *in
 	return
 }

-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OtherNameSAN.
-func (in *OtherNameSAN) DeepCopy() *OtherNameSAN {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OtherName.
+func (in *OtherName) DeepCopy() *OtherName {
 	if in == nil {
 		return nil
 	}
-	out := new(OtherNameSAN)
+	out := new(OtherName)
 	in.DeepCopyInto(out)
 	return out
 }
--- a/internal/apis/certmanager/validation/certificate.go
+++ b/internal/apis/certmanager/validation/certificate.go
@ -106,8 +106,8 @@ func ValidateCertificateSpec(crt *internalcmapi.CertificateSpec, fldPath *field.
 		len(crt.URIs) == 0 &&
 		len(crt.EmailAddresses) == 0 &&
 		len(crt.IPAddresses) == 0 &&
-		len(crt.OtherNameSANs) == 0 {
-		el = append(el, field.Invalid(fldPath, "", "at least one of commonName, dnsNames, uriSANs, ipAddresses, emailSANs or otherNameSANs must be set"))
+		len(crt.OtherNames) == 0 {
+		el = append(el, field.Invalid(fldPath, "", "at least one of commonName, dnsNames, uriSANs, ipAddresses, emailSANs or otherNames must be set"))
 	}

 	// if a common name has been specified, ensure it is no longer than 64 chars
@ -123,17 +123,17 @@ func ValidateCertificateSpec(crt *internalcmapi.CertificateSpec, fldPath *field.
 		el = append(el, validateEmailAddresses(crt, fldPath)...)
 	}

-	if len(crt.OtherNameSANs) > 0 {
-		if !utilfeature.DefaultFeatureGate.Enabled(feature.OtherNameSANs) {
-			el = append(el, field.Forbidden(fldPath.Child("OtherNameSANs"), "Feature gate OtherNameSANs must be enabled on both webhook and controller to use the alpha `otherNameSANs` field"))
+	if len(crt.OtherNames) > 0 {
+		if !utilfeature.DefaultFeatureGate.Enabled(feature.OtherNames) {
+			el = append(el, field.Forbidden(fldPath.Child("OtherNames"), "Feature gate OtherNames must be enabled on both webhook and controller to use the alpha `otherNames` field"))
 		}

-		for i, otherName := range crt.OtherNameSANs {
+		for i, otherName := range crt.OtherNames {
 			if otherName.OID == "" {
-				el = append(el, field.Required(fldPath.Child("otherNameSANs").Index(i).Child("oid"), "must be specified"))
+				el = append(el, field.Required(fldPath.Child("otherNames").Index(i).Child("oid"), "must be specified"))
 			}
-			if otherName.Utf8Value == "" {
-				el = append(el, field.Required(fldPath.Child("otherNameSANs").Index(i).Child("utf8Value"), "must be specified"))
+			if otherName.UTF8Value == "" {
+				el = append(el, field.Required(fldPath.Child("otherNames").Index(i).Child("utf8Value"), "must be specified"))
 			}
 		}
 	}
--- a/internal/apis/certmanager/validation/certificate_test.go
+++ b/internal/apis/certmanager/validation/certificate_test.go
@ -165,7 +165,7 @@ func TestValidateCertificate(t *testing.T) {
 			},
 			a: someAdmissionRequest,
 			errs: []*field.Error{
-				field.Invalid(fldPath, "", "at least one of commonName, dnsNames, uriSANs, ipAddresses, emailSANs or otherNameSANs must be set"),
+				field.Invalid(fldPath, "", "at least one of commonName, dnsNames, uriSANs, ipAddresses, emailSANs or otherNames must be set"),
 			},
 		},
 		"certificate with no issuerRef": {
@ -1046,7 +1046,7 @@ func Test_validateLiteralSubject(t *testing.T) {
 			},
 			a: someAdmissionRequest,
 			errs: []*field.Error{
-				field.Invalid(fldPath, "", "at least one of commonName, dnsNames, uriSANs, ipAddresses, emailSANs or otherNameSANs must be set"),
+				field.Invalid(fldPath, "", "at least one of commonName, dnsNames, uriSANs, ipAddresses, emailSANs or otherNames must be set"),
 			},
 		},
 		"invalid with a `literalSubject` and any `Subject` other than serialNumber": {
--- a/internal/apis/certmanager/zz_generated.deepcopy.go
+++ b/internal/apis/certmanager/zz_generated.deepcopy.go
@ -436,9 +436,9 @@ func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
-	if in.OtherNameSANs != nil {
-		in, out := &in.OtherNameSANs, &out.OtherNameSANs
-		*out = make([]OtherNameSAN, len(*in))
+	if in.OtherNames != nil {
+		in, out := &in.OtherNames, &out.OtherNames
+		*out = make([]OtherName, len(*in))
 		copy(*out, *in)
 	}
 	if in.SecretTemplate != nil {
@ -857,17 +857,17 @@ func (in *NameConstraints) DeepCopy() *NameConstraints {
 }

 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *OtherNameSAN) DeepCopyInto(out *OtherNameSAN) {
+func (in *OtherName) DeepCopyInto(out *OtherName) {
 	*out = *in
 	return
 }

-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OtherNameSAN.
-func (in *OtherNameSAN) DeepCopy() *OtherNameSAN {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OtherName.
+func (in *OtherName) DeepCopy() *OtherName {
 	if in == nil {
 		return nil
 	}
-	out := new(OtherNameSAN)
+	out := new(OtherName)
 	in.DeepCopyInto(out)
 	return out
 }
--- a/internal/controller/feature/features.go
+++ b/internal/controller/feature/features.go
@ -130,10 +130,10 @@ const (
 	// Owner: @SpectralHiss
 	// Alpha: v1.14
 	//
-	// OtherNameSANs adds support for OtherName Subject Alternative Name values in
+	// OtherNames adds support for OtherName Subject Alternative Name values in
 	// Certificate resources.
 	// Github Issue: https://github.com/cert-manager/cert-manager/issues/6393
-	OtherNameSANs featuregate.Feature = "OtherNameSANs"
+	OtherNames featuregate.Feature = "OtherNames"
 )

 func init() {
@ -156,5 +156,5 @@ var defaultCertManagerFeatureGates = map[featuregate.Feature]featuregate.Feature
 	LiteralCertificateSubject:                        {Default: false, PreRelease: featuregate.Alpha},
 	UseCertificateRequestBasicConstraints:            {Default: false, PreRelease: featuregate.Alpha},
 	UseCertificateRequestNameConstraints:             {Default: false, PreRelease: featuregate.Alpha},
-	OtherNameSANs:                                    {Default: false, PreRelease: featuregate.Alpha},
+	OtherNames:                                       {Default: false, PreRelease: featuregate.Alpha},
 }
--- a/internal/webhook/feature/features.go
+++ b/internal/webhook/feature/features.go
@ -73,10 +73,10 @@ const (
 	// Owner: @SpectralHiss
 	// Alpha: v1.14
 	//
-	// OtherNameSANs adds support for OtherName Subject Alternative Name values in
+	// OtherNames adds support for OtherName Subject Alternative Name values in
 	// Certificate resources.
 	// Github Issue: https://github.com/cert-manager/cert-manager/issues/6393
-	OtherNameSANs featuregate.Feature = "OtherNameSANs"
+	OtherNames featuregate.Feature = "OtherNames"
 )

 func init() {
@ -96,5 +96,5 @@ var webhookFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{
 	AdditionalCertificateOutputFormats:   {Default: false, PreRelease: featuregate.Alpha},
 	LiteralCertificateSubject:            {Default: false, PreRelease: featuregate.Alpha},
 	UseCertificateRequestNameConstraints: {Default: false, PreRelease: featuregate.Alpha},
-	OtherNameSANs:                        {Default: false, PreRelease: featuregate.Alpha},
+	OtherNames:                           {Default: false, PreRelease: featuregate.Alpha},
 }
--- a/make/e2e-setup.mk
+++ b/make/e2e-setup.mk
@ -221,7 +221,7 @@ $(call local-image-tar,vaultretagged): $(call image-tar,vault)
 	tar cf $@ -C /tmp/vault .
 	@rm -rf /tmp/vault

-FEATURE_GATES ?= AdditionalCertificateOutputFormats=true,ExperimentalCertificateSigningRequestControllers=true,ExperimentalGatewayAPISupport=true,ServerSideApply=true,LiteralCertificateSubject=true,UseCertificateRequestBasicConstraints=true,UseCertificateRequestNameConstraints=true,OtherNameSANs=true
+FEATURE_GATES ?= AdditionalCertificateOutputFormats=true,ExperimentalCertificateSigningRequestControllers=true,ExperimentalGatewayAPISupport=true,ServerSideApply=true,LiteralCertificateSubject=true,UseCertificateRequestBasicConstraints=true,UseCertificateRequestNameConstraints=true,OtherNames=true

 ## Set this environment variable to a non empty string to cause cert-manager to
 ## be installed using best-practice configuration settings, and to install
@ -262,8 +262,8 @@ comma = ,

 # Helm's "--set" interprets commas, which means we want to escape commas
 # for "--set featureGates". That's why we have "\$(comma)".
-feature_gates_controller := $(subst $(space),\$(comma),$(filter AllAlpha=% AllBeta=% AdditionalCertificateOutputFormats=% ValidateCAA=% ExperimentalCertificateSigningRequestControllers=% ExperimentalGatewayAPISupport=% ServerSideApply=% LiteralCertificateSubject=% UseCertificateRequestBasicConstraints=% UseCertificateRequestNameConstraints=% SecretsFilteredCaching=% OtherNameSANs=%, $(subst $(comma),$(space),$(FEATURE_GATES))))
-feature_gates_webhook := $(subst $(space),\$(comma),$(filter AllAlpha=% AllBeta=% AdditionalCertificateOutputFormats=% LiteralCertificateSubject=% UseCertificateRequestNameConstraints=% OtherNameSANs=%, $(subst $(comma),$(space),$(FEATURE_GATES))))
+feature_gates_controller := $(subst $(space),\$(comma),$(filter AllAlpha=% AllBeta=% AdditionalCertificateOutputFormats=% ValidateCAA=% ExperimentalCertificateSigningRequestControllers=% ExperimentalGatewayAPISupport=% ServerSideApply=% LiteralCertificateSubject=% UseCertificateRequestBasicConstraints=% UseCertificateRequestNameConstraints=% SecretsFilteredCaching=% OtherNames=%, $(subst $(comma),$(space),$(FEATURE_GATES))))
+feature_gates_webhook := $(subst $(space),\$(comma),$(filter AllAlpha=% AllBeta=% AdditionalCertificateOutputFormats=% LiteralCertificateSubject=% UseCertificateRequestNameConstraints=% OtherNames=%, $(subst $(comma),$(space),$(FEATURE_GATES))))
 feature_gates_cainjector := $(subst $(space),\$(comma),$(filter AllAlpha=% AllBeta=% ServerSideApply=%, $(subst $(comma),$(space),$(FEATURE_GATES))))

 # Install cert-manager with E2E specific images and deployment settings.
--- a/pkg/apis/certmanager/v1/types_certificate.go
+++ b/pkg/apis/certmanager/v1/types_certificate.go
@ -182,11 +182,12 @@ type CertificateSpec struct {
 	// +optional
 	URIs []string `json:"uris,omitempty"`

-	// Any String-like OID type using oid:x.x.x.x type and StringValue value can be used for `otherName`.
-	// `otherName` is an escape hatch for SAN that allows any type but we restrict to string like, cf RFC 5280 p 37
-	// You should ensure that the OID is valid for the string type as we do not validate this.
+	// `otherNames` is an escape hatch for SAN that allows any type. We currently restrict the support to string like otherNames, cf RFC 5280 p 37
+	// Any UTF8 String valued otherName can be passed with by setting the keys oid: x.x.x.x and UTF8Value: somevalue for `otherName`.
+	// Most commonly this would be UPN set with oid: 1.3.6.1.4.1.311.20.2.3
+	// You should ensure that any OID passed is valid for the UTF8String type as we do not explicitly validate this.
 	// +optional
-	OtherNameSANs []OtherNameSAN `json:"otherNameSANs,omitempty"`
+	OtherNames []OtherName `json:"otherNames,omitempty"`

 	// Requested email subject alternative names.
 	// +optional
@ -280,15 +281,15 @@ type CertificateSpec struct {
 	NameConstraints *NameConstraints `json:"nameConstraints,omitempty"`
 }

-type OtherNameSAN struct {
+type OtherName struct {
 	// OID is the object identifier for the otherName SAN.
 	// The object identifier must be expressed as a dotted string, for
-	// example, "1.2.840.113549.1.9.1".
+	// example, "1.2.840.113556.1.4.221".
 	OID string `json:"oid,omitempty"`

 	// Utf8Value is the string value of the otherName SAN.
 	// The string value represents a UTF-8 encoded asn1 value.
-	Utf8Value string `json:"utf8Value,omitempty"`
+	UTF8Value string `json:"UTF8Value,omitempty"`
 }

 // CertificatePrivateKey contains configuration options for private keys
--- a/pkg/apis/certmanager/v1/zz_generated.deepcopy.go
+++ b/pkg/apis/certmanager/v1/zz_generated.deepcopy.go
@ -431,9 +431,9 @@ func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
-	if in.OtherNameSANs != nil {
-		in, out := &in.OtherNameSANs, &out.OtherNameSANs
-		*out = make([]OtherNameSAN, len(*in))
+	if in.OtherNames != nil {
+		in, out := &in.OtherNames, &out.OtherNames
+		*out = make([]OtherName, len(*in))
 		copy(*out, *in)
 	}
 	if in.EmailAddresses != nil {
@ -857,17 +857,17 @@ func (in *NameConstraints) DeepCopy() *NameConstraints {
 }

 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *OtherNameSAN) DeepCopyInto(out *OtherNameSAN) {
+func (in *OtherName) DeepCopyInto(out *OtherName) {
 	*out = *in
 	return
 }

-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OtherNameSAN.
-func (in *OtherNameSAN) DeepCopy() *OtherNameSAN {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OtherName.
+func (in *OtherName) DeepCopy() *OtherName {
 	if in == nil {
 		return nil
 	}
-	out := new(OtherNameSAN)
+	out := new(OtherName)
 	in.DeepCopyInto(out)
 	return out
 }
--- a/pkg/controller/certificates/requestmanager/requestmanager_controller.go
+++ b/pkg/controller/certificates/requestmanager/requestmanager_controller.go
@ -355,7 +355,7 @@ func (c *controller) createNewCertificateRequest(ctx context.Context, crt *cmapi
 		pki.WithUseLiteralSubject(utilfeature.DefaultMutableFeatureGate.Enabled(feature.LiteralCertificateSubject)),
 		pki.WithEncodeBasicConstraintsInRequest(utilfeature.DefaultMutableFeatureGate.Enabled(feature.UseCertificateRequestBasicConstraints)),
 		pki.WithEncodeNameConstraintsInRequest(utilfeature.DefaultMutableFeatureGate.Enabled(feature.UseCertificateRequestNameConstraints)),
-		pki.WithEncodeOtherNameSANs(utilfeature.DefaultMutableFeatureGate.Enabled(feature.OtherNameSANs)),
+		pki.WithEncodeOtherNames(utilfeature.DefaultMutableFeatureGate.Enabled(feature.OtherNames)),
 	)
 	if err != nil {
 		log.Error(err, "Failed to generate CSR - will not retry")
--- a/pkg/util/pki/csr.go
+++ b/pkg/util/pki/csr.go
@ -188,7 +188,7 @@ func BuildCertManagerKeyUsages(ku x509.KeyUsage, eku []x509.ExtKeyUsage) []v1.Ke
 type generateCSROptions struct {
 	EncodeBasicConstraintsInRequest bool
 	EncodeNameConstraintsInRequest  bool
-	EncodeOtherNameSANs             bool
+	EncodeOtherNames                bool
 	UseLiteralSubject               bool
 }

@ -209,9 +209,9 @@ func WithEncodeNameConstraintsInRequest(encode bool) GenerateCSROption {
 	}
 }

-func WithEncodeOtherNameSANs(encodeOtherNameSANs bool) GenerateCSROption {
+func WithEncodeOtherNames(encodeOtherNames bool) GenerateCSROption {
 	return func(o *generateCSROptions) {
-		o.EncodeOtherNameSANs = encodeOtherNameSANs
+		o.EncodeOtherNames = encodeOtherNames
 	}
 }

@ -229,7 +229,7 @@ func GenerateCSR(crt *v1.Certificate, optFuncs ...GenerateCSROption) (*x509.Cert
 	opts := &generateCSROptions{
 		EncodeBasicConstraintsInRequest: false,
 		EncodeNameConstraintsInRequest:  false,
-		EncodeOtherNameSANs:             false,
+		EncodeOtherNames:                false,
 		UseLiteralSubject:               false,
 	}
 	for _, opt := range optFuncs {
@ -277,15 +277,15 @@ func GenerateCSR(crt *v1.Certificate, optFuncs ...GenerateCSROption) (*x509.Cert
 		IPAddresses:                ipAddresses,
 	}

-	if opts.EncodeOtherNameSANs {
-		for _, otherName := range crt.Spec.OtherNameSANs {
+	if opts.EncodeOtherNames {
+		for _, otherName := range crt.Spec.OtherNames {
 			oid, err := ParseObjectIdentifier(otherName.OID)
 			if err != nil {
 				return nil, err
 			}

 			value, err := MarshalUniversalValue(UniversalValue{
-				Utf8String: otherName.Utf8Value,
+				Utf8String: otherName.UTF8Value,
 			})
 			if err != nil {
 				return nil, err
--- a/pkg/util/pki/csr_test.go
+++ b/pkg/util/pki/csr_test.go
@ -409,7 +409,7 @@ func TestGenerateCSR(t *testing.T) {
 		literalCertificateSubjectFeatureEnabled bool
 		basicConstraintsFeatureEnabled          bool
 		nameConstraintsFeatureEnabled           bool
-		encodeOtherNameSANsFeatureEnabled       bool
+		encodeOtherNamesFeatureEnabled          bool
 	}{
 		{
 			name: "Generate CSR from certificate with only DNS",
@ -538,10 +538,10 @@ func TestGenerateCSR(t *testing.T) {
 		},
 		{
 			name: "Generate CSR from certificate with a single otherNameSAN set to an oid (UPN)", // only a shallow validation is expected
-			crt: &cmapi.Certificate{Spec: cmapi.CertificateSpec{OtherNameSANs: []cmapi.OtherNameSAN{
+			crt: &cmapi.Certificate{Spec: cmapi.CertificateSpec{OtherNames: []cmapi.OtherName{
 				{
 					OID:       "1.3.6.1.4.1.311.20.2.3",
-					Utf8Value: "user@example.org",
+					UTF8Value: "user@example.org",
 				},
 			}}},
 			want: &x509.CertificateRequest{
@ -562,20 +562,20 @@ func TestGenerateCSR(t *testing.T) {
 				},
 				RawSubject: subjectGenerator(t, pkix.Name{}),
 			},
-			encodeOtherNameSANsFeatureEnabled: true,
+			encodeOtherNamesFeatureEnabled: true,
 		},
 		{
 			name: "Generate CSR from certificate with multiple valid otherName oids and emailSANs set",
 			crt: &cmapi.Certificate{Spec: cmapi.CertificateSpec{
 				EmailAddresses: []string{"user@example.org", "alt-email@example.org"},
-				OtherNameSANs: []cmapi.OtherNameSAN{
+				OtherNames: []cmapi.OtherName{
 					{
 						OID:       "1.3.6.1.4.1.311.20.2.3",
-						Utf8Value: "user@example.org",
+						UTF8Value: "user@example.org",
 					},
 					{
 						OID:       "1.2.840.113556.1.4.221",
-						Utf8Value: "user@example.org",
+						UTF8Value: "user@example.org",
 					},
 				}}},
 			want: &x509.CertificateRequest{
@ -601,14 +601,14 @@ func TestGenerateCSR(t *testing.T) {
 				},
 				RawSubject: subjectGenerator(t, pkix.Name{}),
 			},
-			encodeOtherNameSANsFeatureEnabled: true,
+			encodeOtherNamesFeatureEnabled: true,
 		},
 		{
 			name: "Generate CSR from certificate with malformed otherName oid type",
-			crt: &cmapi.Certificate{Spec: cmapi.CertificateSpec{OtherNameSANs: []cmapi.OtherNameSAN{
+			crt: &cmapi.Certificate{Spec: cmapi.CertificateSpec{OtherNames: []cmapi.OtherName{
 				{
 					OID:       "NOTANOID@garbage",
-					Utf8Value: "user@example.org",
+					UTF8Value: "user@example.org",
 				},
 			}}},
 			wantErr: true,
@ -815,7 +815,7 @@ func TestGenerateCSR(t *testing.T) {
 				tt.crt,
 				WithEncodeBasicConstraintsInRequest(tt.basicConstraintsFeatureEnabled),
 				WithEncodeNameConstraintsInRequest(tt.nameConstraintsFeatureEnabled),
-				WithEncodeOtherNameSANs(tt.encodeOtherNameSANsFeatureEnabled),
+				WithEncodeOtherNames(tt.encodeOtherNamesFeatureEnabled),
 				WithUseLiteralSubject(tt.literalCertificateSubjectFeatureEnabled),
 			)
 			if (err != nil) != tt.wantErr {
--- a/test/e2e/suite/certificates/othernamesan.go
+++ b/test/e2e/suite/certificates/othernamesan.go
@ -59,7 +59,7 @@ var _ = framework.CertManagerDescribe("othername san processing", func() {
 	}

 	f := framework.NewDefaultFramework("certificate-othername-san-processing")
-	createCertificate := func(f *framework.Framework, OtherNameSANs []cmapi.OtherNameSAN) (*cmapi.Certificate, error) {
+	createCertificate := func(f *framework.Framework, OtherNames []cmapi.OtherNameSAN) (*cmapi.Certificate, error) {
 		crt := &cmapi.Certificate{
 			ObjectMeta: metav1.ObjectMeta{
 				GenerateName: testName + "-",
@ -71,11 +71,11 @@ var _ = framework.CertManagerDescribe("othername san processing", func() {
 				IssuerRef: cmmeta.ObjectReference{
 					Name: issuerName, Kind: "Issuer", Group: "cert-manager.io",
 				},
-				OtherNameSANs:  OtherNameSANs,
+				OtherNames:     OtherNames,
 				EmailAddresses: emailAddresses,
 			},
 		}
-		By("creating Certificate with OtherNameSANs")
+		By("creating Certificate with OtherNames")
 		return f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Create(context.Background(), crt, metav1.CreateOptions{})
 	}