Custom Subject DN and altName OIDs
The first choice for using Subject DN attributes that are not built into EJBCA is to use Allow Subject DN Override by CSR and encode the desired values in the CSR. Sending this CSR from a trusted RA will then put the DN exactly as encoded in the CSR into the issued certificate.
We strongly recommend against custom subject DN attributes. In most cases where such attributes are used, a certificate extension would be a better choice. Only use DN attributes if mandated by a standard.
if you are looking to create your own subject DN attributes, look instead at the plethora of already standardized attributes. There is likely an existing attribute that fulfills your purpose.
Adding custom Subject DN OIDs
You can add custom subject DN OIDs to EJBCA only by modifying the source.
Using custom OIDs will not be covered by support. If using custom OIDs, they better not become standard ones later on, because if the underlying ASN.1 library in EJBCA starts to know the OIDs as standard ones, things will be renamed in the database and you will have to do a database migration. Additionally, you must consider your customizations when upgrading EJBCA.