Certificate subject DNs
A certificate’s subject distinguished name (DN) provides information about how the certificate should be used.
Like an LDAP DN, a certificate’s subject DN consists of a comma-delimited series of attribute-value pairs. However, unlike an LDAP DN, the attribute names in a certificate subject DN are typically written in all uppercase characters.
A certificate’s subject DN is also referred to as its subject. The following attributes commonly appear in a certificate subject.
Attribute name | Attribute description | ||
---|---|---|---|
|
Common name
|
||
|
Email address |
||
|
Name of the organizational unit, such as the relevant department |
||
|
Name of the organization or company |
||
|
Name of the locality, such as the appropriate city |
||
|
Full name of the state or province |
||
|
ISO 3166 country code |
A certificate subject includes at least one attribute-value pair, and the CN
attribute is typically present. Other attributes can be omitted, although the O
and C
attributes are also common. For example, a listener certificate for a server with an address of ldap.example.com
, which is run by the US-based company Example Corp, might have a subject of CN=ldap.example.com,O=Example
Corp,C=US
.