--- title: Certificate subject DNs description: A certificate's subject distinguished name (DN) is a name that provides information about the certificate and how it is intended to be used. component: pingdirectory version: 11.0 page_id: pingdirectory:pingdirectory_security_guide:pd_sec_cert_subject_dns canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/pingdirectory_security_guide/pd_sec_cert_subject_dns.html revdate: September 13, 2023 --- # Certificate subject DNs A certificate's subject distinguished name (DN) is a name that provides information about the certificate and how it is intended to be used. Like an LDAP DN, it is comprised of a comma-delimited series of attribute-value pairs, but the attribute names in a certificate subject DN are typically written in all uppercase, whereas they are typically lowercase or camelCase in LDAP DNs. Attributes that commonly appear in certificate subjects include: * CN A common name. For a listener certificate, this is often a hostname that clients use to access the certificate, although the subject alternative name extension provides a better mechanism for accomplishing that. Most certificate subject DNs include at least the CN attribute. * E An email address. * OU An organizational unit (department) name. * O An organization (company) name. * L A locality (city) name. * ST A state or province name. | | | | - | --------------------------------------------------------------------------- | | | This should be the full name of the state or province, not an abbreviation. | * C An ISO 3166 country code (not the full country name). A certificate subject should include at least one attribute-value pair, and the CN attribute is typically present. Other attributes can be omitted, but the O and C attributes are also fairly common. For example, a listener certificate for a server with an address of ldap.example.com run by the US-based company Example Corp might have a subject of `CN=ldap.example.com,O=Example Corp,C=US`.