Kleopatra allows you to customize the fields that the user is allowed to enter in order to create their certificate.

Create a group called CertificateCreationWizard in the system-wide kleopatrarc. If you want a custom order of attributes or if you only want certain items to appear, create a key called DNAttributeOrder. The argument is one or more of CN,SN,GN,L,T,OU,O,PC,C,SP,DC,BC,EMAIL If you want to initialize fields with a certain value, write something like Attribute=value. If you want the attribute to be treated as a required one, append an exclamation mark (e.g. CN!,L,OU,O!,C!,EMAIL!, which happens to be the default configuration).

Using the KIOSK mode modifier $e allows to retrieve the values from environment variables or from an evaluated script or binary. If you want to disallow editing of the respective field in addition, use the modifier $i. If you want to disallow the use Insert My Address button, set ShowSetWhoAmI to false.

The following example outlines possible customizations:

[CertificateCreationWizard] 
;Disallow to copy personal data from the addressbook, do not allow local override
ShowSetWhoAmI[$i]=false

;sets the user name to $USER
CN[$e]=$USER

;sets the company name to "My Company", disallows editing
O[$i]=My Company

;sets the department name to a value returned by a script
OU[$ei]=$(lookup_dept_from_ip)

; sets country to DE, but allows for changes by the user
C=DE