PingDirectory

Certificate subject DNs

A certificate’s subject distinguished name (DN) provides information about how the certificate should be used.

Like an LDAP DN, a certificate’s subject DN consists of a comma-delimited series of attribute-value pairs. However, unlike an LDAP DN, the attribute names in a certificate subject DN are typically written in all uppercase characters.

A certificate’s subject DN is also referred to as its subject. The following attributes commonly appear in a certificate subject.

| Attribute name | Attribute description |
|---|---|
| CN | Common name. For a listener certificate, the CN attribute typically identifies the host name that clients use to access the certificate. However, the subject alternative name extension is recommended more highly for accomplishing the same task. Most certificate subject DNs include at least the CN attribute. |
| E | Email address |
| OU | Name of the organizational unit, such as the relevant department |
| O | Name of the organization or company |
| L | Name of the locality, such as the appropriate city |
| ST | Full name of the state or province |
| C | ISO 3166 country code |

A certificate subject includes at least one attribute-value pair, and the CN attribute is typically present. Other attributes can be omitted, although the O and C attributes are also common. For example, a listener certificate for a server with an address of ldap.example.com, which is run by the US-based company Example Corp, might have a subject of CN=ldap.example.com,O=Example Corp,C=US.
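The following added example (not PingDirectory code) parses a subject DN string into attribute-value pairs and reviews it as a listener certificate subject. The function names, the second sample subject, and the two-letter check on C (the usual X.509 country-name form) are assumptions of the example; the subject alternative name extension is not part of the subject and is not examined here.

```python
import re

# Attribute names from the table on this page.
SUBJECT_ATTRS = {"CN", "E", "OU", "O", "L", "ST", "C"}

def parse_subject(dn):
    """Split a subject DN string into (NAME, value) pairs, in order.

    Handles backslash-escaped characters such as "\\," inside a value.
    Hex escapes and multi-valued components (joined with "+") are not handled.
    """
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            parts.append("".join(buf))   # an unescaped comma ends a pair
            buf = []
            i += 1
        else:
            buf.append(dn[i])
            i += 1
    parts.append("".join(buf))
    pairs = []
    for part in parts:
        name, eq, value = part.lstrip().partition("=")
        if not eq or not name.strip() or not value:
            raise ValueError(f"malformed attribute-value pair: {part!r}")
        # Names are upper-cased, as certificate subjects are usually written.
        pairs.append((name.strip().upper(), re.sub(r"\\(.)", r"\1", value)))
    return pairs

def review_listener_subject(dn, hostname):
    """Return a list of findings for a listener certificate subject."""
    pairs = parse_subject(dn)
    findings = []
    cns = [v for n, v in pairs if n == "CN"]
    if not cns:
        findings.append("no CN attribute")
    elif hostname.lower() not in (v.lower() for v in cns):
        findings.append(f"CN {cns[0]!r} does not match host name {hostname!r}")
    for n, v in pairs:
        if n == "C" and not re.fullmatch(r"[A-Za-z]{2}", v):
            findings.append(f"C value {v!r} is not a two-letter country code")
        if n not in SUBJECT_ATTRS:
            findings.append(f"attribute {n} is not one of the common ones listed on this page")
    return findings

# Constructed samples; the first is the example subject from this page.
if __name__ == "__main__":
    for s in ("CN=ldap.example.com,O=Example Corp,C=US",
              "cn=ds1.example.com, O=Example Corp\\, Inc., C=USA"):
        print(s, "->", review_listener_subject(s, "ldap.example.com"))
```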