diff --git a/cmd/csaf_provider/config.go b/cmd/csaf_provider/config.go
index a5b1bc6..def8c26 100644
--- a/cmd/csaf_provider/config.go
+++ b/cmd/csaf_provider/config.go
@@ -44,7 +44,7 @@ type config struct {
 	DynamicProviderMetaData bool            `toml:"dynamic_provider_metadata"`
 	Publisher               *csaf.Publisher `toml:"publisher"`
 	UploadLimit             *int64          `toml:"upload_limit"`
-	Issuer                  string          `toml:"issuer"`
+	Issuer                  *string         `toml:"issuer"`
 }
 
 type tlp string
diff --git a/cmd/csaf_provider/controller.go b/cmd/csaf_provider/controller.go
index 577a166..74d7953 100644
--- a/cmd/csaf_provider/controller.go
+++ b/cmd/csaf_provider/controller.go
@@ -76,7 +76,7 @@ func (c *controller) auth(
 		log.Printf("SSL_CLIENT_VERIFY: %s\n", verify)
 
 		switch {
-		case verify == "SUCCESS" && os.Getenv("SSL_CLIENT_I_DN") == c.cfg.Issuer:
+		case verify == "SUCCESS" && (c.cfg.Issuer == nil || *c.cfg.Issuer == os.Getenv("SSL_CLIENT_I_DN")):
 			log.Printf("user: %s\n", os.Getenv("SSL_CLIENT_S_DN"))
 			log.Printf("ca: %s\n", os.Getenv("SSL_CLIENT_I_DN"))
 		case c.cfg.Password == nil: