Add information about an enterprise feature related to validating iss…

…ued certificates to the PKI API docs.

website/content/api-docs/secret/pki/index.mdx

@@ -2758,6 +2758,33 @@ do so, import a new issuer and a new `issuer_id` will be assigned.
 ~> **Note**: If no cluster-local address is present and templating is used,
    issuance will fail.
 
+- `disable_critical_extension_checks` `(bool: false)`
+  <EnterpriseAlert inline="true"/> - This determines whether this issuer is able
+  to issue certificates where the chain of trust (including the issued
+  certificate) contain critical extensions not processed by vault, breaking the
+  behavior required by https://www.rfc-editor.org/rfc/rfc5280#section-6.1 .
+
+- `disable_path_length_checks` `(bool: false)`
+  <EnterpriseAlert inline="true"/> - This determines whether this issuer is able
+  to issue certificates where the chain of trust (including the final issued
+  certificate) is longer than allowed by a certificate authority in that chain,
+  breaking the behavior required by
+  https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.9 .
+
+- `disable_name_checks` `(bool: false)`
+  <EnterpriseAlert inline="true"/> - This determines whether this issuer is able
+  to issue certificates where the chain of trust (including the final issued
+  certificate) contains a link in which the subject of the issuing certificate
+  does not match the named issuer of the certificate it signed, breaking the
+  behavior required by https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.4 .
+
+- `disable_name_constraint_checks` `(bool: false)`
+  <EnterpriseAlert inline="true"/> - This determines whether this issuer is able
+  to issue certificates where the chain of trust (including the final issued
+  certificate) violates the name constraints critical extension of one of the
+  issuer certificates in the chain, breaking the behavior required by
+  https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.10 .
+
 #### Sample payload
 
 ```json