diff --git a/lib/Controller/AdminController.php b/lib/Controller/AdminController.php
index b71e6622ef..cc4450d686 100644
--- a/lib/Controller/AdminController.php
+++ b/lib/Controller/AdminController.php
@@ -14,6 +14,7 @@
 use OCA\Libresign\Handler\CertificateEngine\IEngineHandler;
 use OCA\Libresign\Helper\ConfigureCheckHelper;
 use OCA\Libresign\ResponseDefinitions;
+use OCA\Libresign\Service\Certificate\ValidateService;
 use OCA\Libresign\Service\CertificatePolicyService;
 use OCA\Libresign\Service\Install\ConfigureCheckService;
 use OCA\Libresign\Service\Install\InstallService;
@@ -54,6 +55,7 @@ public function __construct(
 		protected ISession $session,
 		private SignatureBackgroundService $signatureBackgroundService,
 		private CertificatePolicyService $certificatePolicyService,
+		private ValidateService $validateService,
 	) {
 		parent::__construct(Application::APP_ID, $request);
 		$this->eventSource = $this->eventSourceFactory->create();
@@ -136,15 +138,14 @@ private function generateCertificate(
 	): IEngineHandler {
 		$names = [];
 		if (isset($rootCert['names'])) {
+			$this->validateService->validateNames($rootCert['names']);
 			foreach ($rootCert['names'] as $item) {
-				if (empty($item['id'])) {
-					throw new LibresignException('Parameter id is required!', 400);
-				}
-				$names[$item['id']]['value'] = $this->trimAndThrowIfEmpty($item['id'], $item['value']);
+				$names[$item['id']]['value'] = trim((string)$item['value']);
 			}
 		}
+		$this->validateService->validate('CN', $rootCert['commonName']);
 		$this->installService->generate(
-			$this->trimAndThrowIfEmpty('commonName', $rootCert['commonName']),
+			trim((string)$rootCert['commonName']),
 			$names,
 			$properties,
 		);
@@ -177,13 +178,6 @@ public function loadCertificate(): DataResponse {
 		return new DataResponse($certificate);
 	}
 
-	private function trimAndThrowIfEmpty(string $key, $value): string {
-		if (empty($value)) {
-			throw new LibresignException("parameter '{$key}' is required!", 400);
-		}
-		return trim((string)$value);
-	}
-
 	/**
 	 * Check the configuration of LibreSign
 	 *
diff --git a/lib/Service/Certificate/RulesService.php b/lib/Service/Certificate/RulesService.php
new file mode 100644
index 0000000000..8c1e30bdae
--- /dev/null
+++ b/lib/Service/Certificate/RulesService.php
@@ -0,0 +1,100 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * SPDX-FileCopyrightText: 2025 LibreCode coop and contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\Libresign\Service\Certificate;
+
+use OCP\IL10N;
+
+class RulesService {
+
+	private array $rules = [
+		'CN' => [
+			'required' => true,
+			'min' => 1,
+			'max' => 64,
+		],
+		'C' => [
+			'min' => 2,
+			'max' => 2,
+		],
+		'ST' => [
+			'min' => 1,
+			'max' => 128,
+		],
+		'L' => [
+			'min' => 1,
+			'max' => 128,
+		],
+		'O' => [
+			'min' => 1,
+			'max' => 64,
+		],
+		'OU' => [
+			'min' => 1,
+			'max' => 64,
+		],
+	];
+
+	public function __construct(
+		protected IL10N $l10n,
+	) {
+	}
+
+	public function getRule(string $fieldName): array {
+		if (!array_key_exists($fieldName, $this->rules)) {
+			return [];
+		}
+		if (!isset($this->rules[$fieldName]['helperText'])) {
+			$this->rules[$fieldName]['helperText'] = $this->getHelperText($fieldName);
+			if (empty($this->rules[$fieldName]['helperText'])) {
+				unset($this->rules[$fieldName]['helperText']);
+			}
+		}
+		return $this->rules[$fieldName];
+	}
+
+	public function getHelperText(string $fieldName): ?string {
+		return match ($fieldName) {
+			'CN' => $this->l10n->t('Common Name (CN)'),
+			'C' => $this->l10n->t('Two-letter ISO 3166 country code'),
+			'ST' => $this->l10n->t('Full name of states or provinces'),
+			'L' => $this->l10n->t('Name of a locality or place, such as a city, county, or other geographic region'),
+			'O' => $this->l10n->t('Name of an organization'),
+			'OU' => $this->l10n->t('Name of an organizational unit'),
+			default => null,
+		};
+	}
+
+	public function toArray(): array {
+		$result = [];
+		foreach ($this->rules as $field => $rule) {
+			$result[] = [
+				'id' => $field,
+				'label' => $this->getLabel($field),
+				'min' => $rule['min'] ?? null,
+				'max' => $rule['max'] ?? null,
+				'required' => $rule['required'] ?? false,
+				'helperText' => $this->getHelperText($field),
+			];
+		}
+		return $result;
+	}
+
+	private function getLabel(string $fieldName): string {
+		return match ($fieldName) {
+			'CN' => $this->l10n->t('Common Name (CN)'),
+			'C' => $this->l10n->t('Country'),
+			'ST' => $this->l10n->t('State'),
+			'L' => $this->l10n->t('Locality'),
+			'O' => $this->l10n->t('Organization'),
+			'OU' => $this->l10n->t('Organizational Unit'),
+			default => $fieldName,
+		};
+	}
+
+}
diff --git a/lib/Service/Certificate/ValidateService.php b/lib/Service/Certificate/ValidateService.php
new file mode 100644
index 0000000000..64af245851
--- /dev/null
+++ b/lib/Service/Certificate/ValidateService.php
@@ -0,0 +1,57 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * SPDX-FileCopyrightText: 2025 LibreCode coop and contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\Libresign\Service\Certificate;
+
+use InvalidArgumentException;
+use OCP\IL10N;
+
+class ValidateService {
+
+	public function __construct(
+		protected RulesService $rulesService,
+		protected IL10N $l10n,
+	) {
+	}
+
+	public function validate(string $fieldName, string $value): void {
+		$rule = $this->rulesService->getRule($fieldName);
+		$value = trim($value);
+		$length = strlen($value);
+
+		if ($fieldName === 'id' && $length === 0) {
+			throw new InvalidArgumentException('Parameter id is invalid');
+		}
+
+		if (!$length && isset($rule['required']) && $rule['required']) {
+			throw new InvalidArgumentException(
+				$this->l10n->t("Parameter '%s' is required!", [$fieldName])
+			);
+		}
+
+		if ($length > $rule['max'] || $length < $rule['min']) {
+			throw new InvalidArgumentException(
+				$this->l10n->t(
+					"Parameter '%s' should be between %s and %s.",
+					[$fieldName, $rule['min'], $rule['max']]
+				)
+			);
+		}
+	}
+
+
+	public function validateNames(array $names) {
+		foreach ($names as $item) {
+			if (empty($item['id'])) {
+				throw new InvalidArgumentException('Parameter id is required!');
+			}
+			$this->validate($item['id'], $item['value']);
+		}
+	}
+
+}
diff --git a/lib/Settings/Admin.php b/lib/Settings/Admin.php
index 648f6c10bc..030bcdda68 100644
--- a/lib/Settings/Admin.php
+++ b/lib/Settings/Admin.php
@@ -11,6 +11,7 @@
 use OCA\Libresign\AppInfo\Application;
 use OCA\Libresign\Exception\LibresignException;
 use OCA\Libresign\Handler\CertificateEngine\CertificateEngineFactory;
+use OCA\Libresign\Service\Certificate\RulesService;
 use OCA\Libresign\Service\CertificatePolicyService;
 use OCA\Libresign\Service\IdentifyMethodService;
 use OCA\Libresign\Service\SignatureBackgroundService;
@@ -30,6 +31,7 @@ public function __construct(
 		private IAppConfig $appConfig,
 		private SignatureTextService $signatureTextService,
 		private SignatureBackgroundService $signatureBackgroundService,
+		private RulesService $rulesService,
 	) {
 	}
 	public function getForm(): TemplateResponse {
@@ -44,6 +46,7 @@ public function getForm(): TemplateResponse {
 		$this->initialState->provideInitialState('certificate_engine', $this->certificateEngineFactory->getEngine()->getName());
 		$this->initialState->provideInitialState('certificate_policies_oid', $this->certificatePolicyService->getOid());
 		$this->initialState->provideInitialState('certificate_policies_cps', $this->certificatePolicyService->getCps());
+		$this->initialState->provideInitialState('rules_service', $this->rulesService->toArray());
 		$this->initialState->provideInitialState('config_path', $this->appConfig->getValueString(Application::APP_ID, 'config_path'));
 		$this->initialState->provideInitialState('default_signature_font_size', SignatureTextService::SIGNATURE_DEFAULT_FONT_SIZE);
 		$this->initialState->provideInitialState('default_signature_height', SignatureTextService::DEFAULT_SIGNATURE_HEIGHT);
diff --git a/src/helpers/certification.js b/src/helpers/certification.js
deleted file mode 100644
index b5fc5bdf2b..0000000000
--- a/src/helpers/certification.js
+++ /dev/null
@@ -1,69 +0,0 @@
-/**
- * SPDX-FileCopyrightText: 2020-2024 LibreCode coop and contributors
- * SPDX-License-Identifier: AGPL-3.0-or-later
- */
-import { Option } from '@marionebl/option'
-
-import { translate as t } from '@nextcloud/l10n'
-
-/**
- * Return custom options details from ID
- *
- * @param {string} id identification of custom option
- */
-export function selectCustonOption(id) {
-	return Option.from(options.find(item => item.id === id))
-}
-
-/**
- * More informations: https://www.ietf.org/rfc/rfc5280.txt
- */
-export const options = [
-	{
-		id: 'CN',
-		label: t('libresign', 'Name (CN)'),
-		max: 64,
-		value: '',
-		helperText: t('libresign', 'Name (CN)'),
-	},
-	{
-		id: 'C',
-		label: 'Country',
-		min: 2,
-		max: 2,
-		value: '',
-		helperText: t('libresign', 'Two-letter ISO 3166 country code'),
-	},
-	{
-		id: 'ST',
-		label: 'State',
-		min: 1,
-		max: 128,
-		value: '',
-		helperText: t('libresign', 'Full name of states or provinces'),
-	},
-	{
-		id: 'L',
-		label: 'Locality',
-		min: 1,
-		max: 128,
-		value: '',
-		helperText: t('libresign', 'Name of a locality or place, such as a city, county, or other geographic region'),
-	},
-	{
-		id: 'O',
-		label: 'Organization',
-		min: 1,
-		max: 64,
-		value: '',
-		helperText: t('libresign', 'Name of an organization'),
-	},
-	{
-		id: 'OU',
-		label: 'OrganizationalUnit',
-		min: 1,
-		max: 64,
-		value: '',
-		helperText: t('libresign', 'Name of an organizational unit'),
-	},
-]
diff --git a/src/views/ReadCertificate/CertificateContent.vue b/src/views/ReadCertificate/CertificateContent.vue
index deae94f43a..2b211e90c4 100644
--- a/src/views/ReadCertificate/CertificateContent.vue
+++ b/src/views/ReadCertificate/CertificateContent.vue
@@ -63,8 +63,7 @@
 
 <script>
 
-// import CertificateContent from './CertificateContent.vue'
-import { selectCustonOption } from '../../helpers/certification.js'
+import { loadState } from '@nextcloud/initial-state'
 
 export default {
 	name: 'CertificateContent',
@@ -79,6 +78,11 @@ export default {
 			default: '0',
 		},
 	},
+	data() {
+		return {
+			rulesService: loadState('libresign', 'rules_service') || [],
+		}
+	},
 	methods: {
 		orderList(data) {
 			const sorted = {};
@@ -94,13 +98,12 @@ export default {
 			})
 			return sorted
 		},
+		getRuleById(id) {
+			return this.rulesService.find(rule => rule.id === id) || {}
+		},
 		getLabelFromId(id) {
-			try {
-				const item = selectCustonOption(id).unwrap()
-				return item.label
-			} catch (error) {
-				return id
-			}
+			const rule = this.getRuleById(id)
+			return rule.label || id
 		},
 	},
 }
diff --git a/src/views/Settings/CertificateCustonOptions.vue b/src/views/Settings/CertificateCustonOptions.vue
index dffa6437c5..2fd11acebe 100644
--- a/src/views/Settings/CertificateCustonOptions.vue
+++ b/src/views/Settings/CertificateCustonOptions.vue
@@ -54,14 +54,13 @@
 import Delete from 'vue-material-design-icons/Delete.vue'
 
 import { emit } from '@nextcloud/event-bus'
+import { loadState } from '@nextcloud/initial-state'
 
 import NcButton from '@nextcloud/vue/components/NcButton'
 import NcListItem from '@nextcloud/vue/components/NcListItem'
 import NcPopover from '@nextcloud/vue/components/NcPopover'
 import NcTextField from '@nextcloud/vue/components/NcTextField'
 
-import { options, selectCustonOption } from '../../helpers/certification.js'
-
 export default {
 	name: 'CertificateCustonOptions',
 	components: {
@@ -80,16 +79,17 @@ export default {
 	data() {
 		return {
 			certificateList: [],
+			allOptions: loadState('libresign', 'rules_service') || [],
 		}
 	},
 	computed: {
 		customNamesOptions() {
-			return this.options.filter(itemA =>
-				!this.certificateList.some(itemB => itemB.id === itemA.id),
-			)
+			return this.allOptions
+				.filter(itemA => itemA.id !== 'CN')
+				.filter(itemA => !this.certificateList.some(itemB => itemB.id === itemA.id))
 		},
 		options() {
-			return options.filter(option => option.id !== 'CN')
+			return this.allOptions.filter(option => option.id !== 'CN')
 		},
 	},
 	watch: {
@@ -98,6 +98,13 @@ export default {
 		},
 	},
 	methods: {
+		selectCustonOption(id) {
+			const found = this.allOptions.find(option => option.id === id)
+			if (found) {
+				return { ...found, value: '' }
+			}
+			return null
+		},
 		getOptionProperty(id, property) {
 			return this.options.find(option => option.id === id)[property]
 		},
@@ -111,23 +118,23 @@ export default {
 			return true
 		},
 		validate(id) {
-			const custonOption = selectCustonOption(id)
-			if (custonOption.isSome()) {
-				const item = custonOption.unwrap()
-				if (this.validateMin(item) && this.validateMax(item)) {
-					item.error = false
-				} else {
-					item.error = true
-				}
-				const listToSave = this.certificateList.map(certificate => ({
-					id: certificate.id,
-					value: certificate.value,
-				}))
-				emit('libresign:update:certificateToSave', listToSave)
-			}
+			const option = this.certificateList.find(c => c.id === id)
+			if (!option) return
+
+			const rule = this.allOptions.find(o => o.id === id)
+			if (!rule) return
+
+			option.error = !(this.validateMin({ ...rule, value: option.value })
+							&& this.validateMax({ ...rule, value: option.value }))
+
+			const listToSave = this.certificateList.map(certificate => ({
+				id: certificate.id,
+				value: certificate.value,
+			}))
+			emit('libresign:update:certificateToSave', listToSave)
 		},
 		async removeOptionalAttribute(id) {
-			const custonOption = selectCustonOption(id)
+			const custonOption = this.selectCustonOption(id)
 			if (custonOption.isSome()) {
 				const itemSelected = {
 					...custonOption.unwrap(),
@@ -138,7 +145,7 @@ export default {
 			}
 		},
 		async onOptionalAttributeSelect(selected) {
-			const custonOption = selectCustonOption(selected.id)
+			const custonOption = this.selectCustonOption(selected.id)
 			if (custonOption.isSome()) {
 				this.certificateList = [custonOption.unwrap(), ...this.certificateList]
 			}
diff --git a/src/views/Settings/RootCertificateCfssl.vue b/src/views/Settings/RootCertificateCfssl.vue
index e8e493c45a..2e58d7ef92 100644
--- a/src/views/Settings/RootCertificateCfssl.vue
+++ b/src/views/Settings/RootCertificateCfssl.vue
@@ -11,7 +11,7 @@
 			<table class="grid">
 				<tbody>
 					<tr>
-						<td>{{ t('libresign', 'Name (CN)') }}</td>
+						<td>{{ t('libresign', 'Common Name (CN)') }}</td>
 						<td>{{ certificate.rootCert.commonName }}</td>
 					</tr>
 					<tr v-for="(customName) in certificate.rootCert.names" :key="customName.id" class="customNames">
@@ -57,7 +57,7 @@
 		</div>
 		<div v-else id="formRootCertificate" class="form-libresign">
 			<div class="form-group">
-				<label for="commonName" class="form-heading--required">{{ t('libresign', 'Name (CN)') }}</label>
+				<label for="commonName" class="form-heading--required">{{ t('libresign', 'Common Name (CN)') }}</label>
 				<NcTextField id="commonName"
 					ref="commonName"
 					v-model="certificate.rootCert.commonName"
@@ -126,7 +126,6 @@ import NcTextField from '@nextcloud/vue/components/NcTextField'
 import CertificateCustonOptions from './CertificateCustonOptions.vue'
 import CertificatePolicy from './CertificatePolicy.vue'
 
-import { selectCustonOption } from '../../helpers/certification.js'
 import logger from '../../logger.js'
 import { useConfigureCheckStore } from '../../store/configureCheck.js'
 
@@ -148,6 +147,7 @@ export default {
 	data() {
 		const OID = loadState('libresign', 'certificate_policies_oid')
 		const CPS = loadState('libresign', 'certificate_policies_cps')
+		const rules = loadState('libresign', 'rules_service') || []
 		return {
 			isThisEngine: loadState('libresign', 'certificate_engine') === 'cfssl',
 			modal: false,
@@ -170,6 +170,7 @@ export default {
 			CPS,
 			toggleCertificatePolicy: !!(OID || CPS),
 			certificatePolicyValid: !!OID && !!CPS,
+			allOptions: rules,
 		}
 	},
 	computed: {
@@ -212,9 +213,22 @@ export default {
 		updateNames(names) {
 			this.certificate.rootCert.names = names
 		},
+		selectCustonOption(id) {
+			return this.allOptions.find(option => option.id === id) || null
+		},
 		getLabelFromId(id) {
-			const item = selectCustonOption(id).unwrap()
-			return item.label
+			const option = this.selectCustonOption(id)
+			return option ? option.label : id
+		},
+		validateField(id, value) {
+			const rule = this.selectCustonOption(id)
+			if (!rule) return true
+
+			if (rule.required && !value) return false
+			if (rule.min && value.length < rule.min) return false
+			if (rule.max && value.length > rule.max) return false
+
+			return true
 		},
 		changeEngine(engine) {
 			this.isThisEngine = engine === 'cfssl'
diff --git a/src/views/Settings/RootCertificateOpenSsl.vue b/src/views/Settings/RootCertificateOpenSsl.vue
index be372fb0db..29449d3fe6 100644
--- a/src/views/Settings/RootCertificateOpenSsl.vue
+++ b/src/views/Settings/RootCertificateOpenSsl.vue
@@ -11,7 +11,7 @@
 			<table class="grid">
 				<tbody>
 					<tr>
-						<td>{{ t('libresign', 'Name (CN)') }}</td>
+						<td>{{ t('libresign', 'Common Name (CN)') }}</td>
 						<td>{{ certificate.rootCert.commonName }}</td>
 					</tr>
 					<tr v-for="(customName) in certificate.rootCert.names" :key="customName.id" class="customNames">
@@ -53,14 +53,15 @@
 		</div>
 		<div v-else id="formRootCertificateOpenSsl" class="form-libresign">
 			<div class="form-group">
-				<label for="commonName" class="form-heading--required">{{ t('libresign', 'Name (CN)') }}</label>
+				<label for="commonName" class="form-heading--required">{{ t('libresign', 'Common Name (CN)') }}</label>
 				<NcTextField id="commonName"
 					ref="commonName"
 					v-model="certificate.rootCert.commonName"
-					:helper-text="t('libresign', 'Full name of the main company or main user of this instance')"
-					:minlength="1"
-					:success="certificate.rootCert.commonName !== ''"
-					:error="certificate.rootCert.commonName === ''"
+					:helper-text="getRuleById('CN').helperText"
+					:minlength="getRuleById('CN').min"
+					:maxlength="getRuleById('CN').max"
+					:success="!getRuleById('CN').required || certificate.rootCert.commonName !== ''"
+					:error="getRuleById('CN').required && certificate.rootCert.commonName === ''"
 					:disabled="formDisabled" />
 			</div>
 			<CertificateCustonOptions :names.sync="certificate.rootCert.names" />
@@ -115,7 +116,6 @@ import NcTextField from '@nextcloud/vue/components/NcTextField'
 import CertificateCustonOptions from './CertificateCustonOptions.vue'
 import CertificatePolicy from './CertificatePolicy.vue'
 
-import { selectCustonOption } from '../../helpers/certification.js'
 import logger from '../../logger.js'
 import { useConfigureCheckStore } from '../../store/configureCheck.js'
 
@@ -137,7 +137,9 @@ export default {
 	data() {
 		const OID = loadState('libresign', 'certificate_policies_oid')
 		const CPS = loadState('libresign', 'certificate_policies_cps')
+		const rulesService = loadState('libresign', 'rules_service')
 		return {
+			rulesService,
 			isThisEngine: loadState('libresign', 'certificate_engine') === 'openssl',
 			modal: false,
 			certificate: {
@@ -198,9 +200,12 @@ export default {
 		updateNames(names) {
 			this.certificate.rootCert.names = names
 		},
+		getRuleById(id) {
+			return this.rulesService.find(rule => rule.id === id) || {}
+		},
 		getLabelFromId(id) {
-			const item = selectCustonOption(id).unwrap()
-			return item.label
+			const rule = this.getRuleById(id)
+			return rule.label || id
 		},
 		changeEngine(engine) {
 			this.isThisEngine = engine === 'openssl'
diff --git a/tests/integration/features/admin/certificate_openssl.feature b/tests/integration/features/admin/certificate_openssl.feature
index 09fd36ca30..91aba70771 100644
--- a/tests/integration/features/admin/certificate_openssl.feature
+++ b/tests/integration/features/admin/certificate_openssl.feature
@@ -12,6 +12,24 @@ Feature: admin/certificate_openssl
       | (jq).ocs.data.rootCert.names\|length | 0           |
       | (jq).ocs.data.generated              | true        |
 
+  Scenario: Generate root cert with fail without CN
+    Given as user "admin"
+    When sending "post" to ocs "/apps/libresign/api/v1/admin/certificate/openssl"
+      | rootCert | {"commonName":""} |
+    Then the response should have a status code 401
+    And the response should be a JSON array with the following mandatory values
+      | key                   | value                       |
+      | (jq).ocs.data.message | Parameter 'CN' is required! |
+
+  Scenario: Generate root cert with a big CN
+    Given as user "admin"
+    When sending "post" to ocs "/apps/libresign/api/v1/admin/certificate/openssl"
+      | rootCert | {"commonName":"0123456789012345678901234567890123456789012345678901234567890123456789"} |
+    Then the response should have a status code 401
+    And the response should be a JSON array with the following mandatory values
+      | key                   | value                                       |
+      | (jq).ocs.data.message | Parameter 'CN' should be between 1 and 64. |
+
   Scenario: Generate root cert with success using optional names values
     Given as user "admin"
     When sending "post" to ocs "/apps/libresign/api/v1/admin/certificate/openssl"
@@ -26,3 +44,21 @@ Feature: admin/certificate_openssl
       | (jq).ocs.data.rootCert.names[0].id    | C           |
       | (jq).ocs.data.rootCert.names[0].value | BR          |
       | (jq).ocs.data.generated               | true        |
+
+  Scenario: Generate root cert with fail when country have less then 2 characters
+      Given as user "admin"
+      When sending "post" to ocs "/apps/libresign/api/v1/admin/certificate/openssl"
+        | rootCert | {"commonName":"Common Name","names":[{"id": "C","value":"B"}]} |
+      Then the response should have a status code 401
+      And the response should be a JSON array with the following mandatory values
+        | key                   | value                                     |
+        | (jq).ocs.data.message | Parameter 'C' should be between 2 and 2. |
+
+  Scenario: Generate root cert with fail when country have more then 2 characters
+      Given as user "admin"
+      When sending "post" to ocs "/apps/libresign/api/v1/admin/certificate/openssl"
+        | rootCert | {"commonName":"Common Name","names":[{"id": "C","value":"BRA"}]} |
+      Then the response should have a status code 401
+      And the response should be a JSON array with the following mandatory values
+        | key                   | value                                     |
+        | (jq).ocs.data.message | Parameter 'C' should be between 2 and 2. |
diff --git a/tests/php/Unit/Service/Certificate/RulesServiceTest.php b/tests/php/Unit/Service/Certificate/RulesServiceTest.php
new file mode 100644
index 0000000000..f2c326a6ad
--- /dev/null
+++ b/tests/php/Unit/Service/Certificate/RulesServiceTest.php
@@ -0,0 +1,150 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * SPDX-FileCopyrightText: 2025 LibreCode coop and contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\Libresign\Tests\Unit\Service;
+
+use OCA\Libresign\AppInfo\Application;
+use OCA\Libresign\Service\Certificate\RulesService;
+use OCP\IL10N;
+use OCP\L10N\IFactory as IL10NFactory;
+use PHPUnit\Framework\Attributes\DataProvider;
+
+final class RulesServiceTest extends \OCA\Libresign\Tests\Unit\TestCase {
+	private IL10N $l10n;
+
+	public function setUp(): void {
+		$this->l10n = \OCP\Server::get(IL10NFactory::class)->get(Application::APP_ID);
+	}
+
+	public function getService(): RulesService {
+		return new RulesService(
+			$this->l10n,
+		);
+	}
+
+	#[DataProvider('providerGetHelperTextWithValidFieldName')]
+	public function testGetHelperTextWithValidFieldName(string $fieldName, string $expected): void {
+		$service = $this->getService();
+		$helperText = $service->getHelperText($fieldName);
+		$this->assertNotEmpty($helperText);
+		$this->assertStringContainsString($expected, $helperText);
+	}
+
+	public static function providerGetHelperTextWithValidFieldName(): array {
+		return [
+			['CN', 'Common Name'],
+			['C', 'country code'],
+			['ST', 'states'],
+			['L', 'locality'],
+			['O', 'organization'],
+			['OU', 'organizational unit'],
+		];
+	}
+
+	#[DataProvider('providerGetHelperTextWithInvalidFieldName')]
+	public function testGetHelperTextWithInvalidFieldName(string $fieldName): void {
+		$service = $this->getService();
+		$helperText = $service->getHelperText($fieldName);
+		$this->assertNull($helperText);
+	}
+
+	public static function providerGetHelperTextWithInvalidFieldName(): array {
+		return [
+			['INVALID'],
+			['NULL'],
+			[''],
+			['123'],
+			['!@#'],
+			['CN1'],
+			['C2'],
+			['ST3'],
+			['L4'],
+			['O5'],
+			['OU6'],
+		];
+	}
+
+	#[DataProvider('providerGetRuleToValidField')]
+	public function testGetRuleToValidField(string $fieldName, array $expected): void {
+		$service = $this->getService();
+
+		$actual = $service->getRule($fieldName);
+
+		$this->assertArrayHasKey('helperText', $actual);
+		unset($actual['helperText']);
+
+		$this->assertCount(count($expected), $actual, "Expected count does not match actual count for field: $fieldName");
+
+		$this->assertSame($expected, $actual, "Mismatch for field: $fieldName");
+	}
+
+	public static function providerGetRuleToValidField(): array {
+		return [
+			[
+				'CN', [
+					'required' => true,
+					'min' => 1,
+					'max' => 64,
+				],
+			],
+			[
+				'C', [
+					'min' => 2,
+					'max' => 2,
+				],
+			],
+			[
+				'ST', [
+					'min' => 1,
+					'max' => 128,
+				],
+			],
+			[
+				'L', [
+					'min' => 1,
+					'max' => 128,
+				],
+			],
+			[
+				'O', [
+					'min' => 1,
+					'max' => 64,
+				],
+			],
+			[
+				'OU', [
+					'min' => 1,
+					'max' => 64,
+				],
+			],
+		];
+	}
+
+	#[DataProvider('providerGetRuleToInvalidField')]
+	public function testGetRuleToInvalidField(string $fieldName): void {
+		$service = $this->getService();
+		$actual = $service->getRule($fieldName);
+		$this->assertEmpty($actual);
+	}
+
+	public static function providerGetRuleToInvalidField(): array {
+		return [
+			['INVALID'],
+			['NULL'],
+			[''],
+			['123'],
+			['!@#'],
+			['CN1'],
+			['C2'],
+			['ST3'],
+			['L4'],
+			['O5'],
+			['OU6'],
+		];
+	}
+}
diff --git a/tests/php/Unit/Service/Certificate/ValidateServiceTest.php b/tests/php/Unit/Service/Certificate/ValidateServiceTest.php
new file mode 100644
index 0000000000..398293546c
--- /dev/null
+++ b/tests/php/Unit/Service/Certificate/ValidateServiceTest.php
@@ -0,0 +1,117 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * SPDX-FileCopyrightText: 2025 LibreCode coop and contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\Libresign\Tests\Unit\Service;
+
+use InvalidArgumentException;
+use OCA\Libresign\AppInfo\Application;
+use OCA\Libresign\Service\Certificate\RulesService;
+use OCA\Libresign\Service\Certificate\ValidateService;
+use OCP\IL10N;
+use OCP\L10N\IFactory as IL10NFactory;
+use PHPUnit\Framework\Attributes\DataProvider;
+
+final class ValidateServiceTest extends \OCA\Libresign\Tests\Unit\TestCase {
+
+	private IL10N $l10n;
+
+	public function setUp(): void {
+		$this->l10n = \OCP\Server::get(IL10NFactory::class)->get(Application::APP_ID);
+	}
+
+	private function getService(): ValidateService {
+		$rulesService = new RulesService($this->l10n);
+		return new ValidateService(
+			$rulesService,
+			$this->l10n
+		);
+	}
+
+	#[DataProvider('providerValidInputs')]
+	public function testValidateWithValidInput(string $fieldName, string $value): void {
+		$service = $this->getService();
+		$service->validate($fieldName, $value);
+		$this->assertTrue(true);
+	}
+
+	public static function providerValidInputs(): array {
+		return [
+			['CN', 'John Doe'],
+			['C', 'BR'],
+			['ST', 'Amazonas'],
+			['L', 'Manaus'],
+			['O', 'LibreCode'],
+			['OU', 'Development'],
+		];
+	}
+
+	#[DataProvider('providerInvalidInputs')]
+	public function testValidateWithInvalidInput(string $fieldName, string $value, string $expectedMessage): void {
+		$service = $this->getService();
+		$this->expectException(InvalidArgumentException::class);
+		$this->expectExceptionMessage($expectedMessage);
+		$service->validate($fieldName, $value);
+	}
+
+	public static function providerInvalidInputs(): array {
+		return [
+			['CN', '', "Parameter 'CN' is required!"],
+			['CN', str_repeat('a', 65), "Parameter 'CN' should be between 1 and 64."],
+			['C', 'B', "Parameter 'C' should be between 2 and 2."],
+			['C', 'BRA', "Parameter 'C' should be between 2 and 2."],
+			['ST', str_repeat('x', 129), "Parameter 'ST' should be between 1 and 128."],
+		];
+	}
+
+	public function testValidateNamesWithValidArray(): void {
+		$service = $this->getService();
+
+		$names = [
+			['id' => 'CN', 'value' => 'Maria da Silva'],
+			['id' => 'C', 'value' => 'BR'],
+		];
+
+		$service->validateNames($names);
+
+		$this->assertTrue(true);
+	}
+
+	public function testValidateNamesWithoutIdShouldFail(): void {
+		$service = $this->getService();
+
+		$names = [
+			['id' => '', 'value' => 'Name'],
+			['value' => 'Name'],
+		];
+
+		$this->expectException(InvalidArgumentException::class);
+		$this->expectExceptionMessage('Parameter id is required!');
+
+		$service->validateNames($names);
+	}
+
+
+	#[DataProvider('providerInvalidNames')]
+	public function testValidateNamesWithInvalidValueShouldFail(array $name, string $expectedMessage): void {
+		$service = $this->getService();
+
+		$this->expectException(InvalidArgumentException::class);
+		$this->expectExceptionMessage($expectedMessage);
+
+		$service->validateNames([$name]);
+	}
+
+	public static function providerInvalidNames(): array {
+		return [
+			[['id' => 'C', 'value' => ''],   "Parameter 'C' should be between 2 and 2."],
+			[['id' => 'C', 'value' => 'B'],  "Parameter 'C' should be between 2 and 2."],
+			[['id' => 'C', 'value' => 'BRA'], "Parameter 'C' should be between 2 and 2."],
+			[['id' => 'C', 'value' => 'BRAA'], "Parameter 'C' should be between 2 and 2."],
+		];
+	}
+}
diff --git a/tests/php/Unit/Settings/AdminTest.php b/tests/php/Unit/Settings/AdminTest.php
index 3d971e6de2..1e68fca4e7 100644
--- a/tests/php/Unit/Settings/AdminTest.php
+++ b/tests/php/Unit/Settings/AdminTest.php
@@ -10,6 +10,7 @@
 
 use OCA\Libresign\AppInfo\Application;
 use OCA\Libresign\Handler\CertificateEngine\CertificateEngineFactory;
+use OCA\Libresign\Service\Certificate\RulesService;
 use OCA\Libresign\Service\CertificatePolicyService;
 use OCA\Libresign\Service\IdentifyMethodService;
 use OCA\Libresign\Service\SignatureBackgroundService;
@@ -31,6 +32,8 @@ final class AdminTest extends \OCA\Libresign\Tests\Unit\TestCase {
 	private IAppConfig&MockObject $appConfig;
 	private SignatureTextService&MockObject $signatureTextService;
 	private SignatureBackgroundService&MockObject $signatureBackgroundService;
+	private RulesService&MockObject $rulesService;
+
 	public function setUp(): void {
 		$this->initialState = $this->createMock(IInitialState::class);
 		$this->identifyMethodService = $this->createMock(IdentifyMethodService::class);
@@ -39,6 +42,7 @@ public function setUp(): void {
 		$this->appConfig = $this->createMock(IAppConfig::class);
 		$this->signatureTextService = $this->createMock(SignatureTextService::class);
 		$this->signatureBackgroundService = $this->createMock(SignatureBackgroundService::class);
+		$this->rulesService = $this->createMock(RulesService::class);
 		$this->admin = new Admin(
 			$this->initialState,
 			$this->identifyMethodService,
@@ -47,6 +51,7 @@ public function setUp(): void {
 			$this->appConfig,
 			$this->signatureTextService,
 			$this->signatureBackgroundService,
+			$this->rulesService,
 		);
 	}