Like an LDAP DN, a certificate's subject DN consists of a comma-delimited series of attribute-value pairs. However, unlike an LDAP DN, the attribute names in a certificate subject DN are typically written in all uppercase characters.

A certificate's subject DN is also referred to as its subject. The following attributes commonly appear in a certificate subject.

Attribute name Attribute description


Common name


For a listener certificate, the CN attribute typically identifies the host name that clients use to access the certificate. However, the subject alternative name extension is recommended more highly for accomplishing the same task. Most certificate subject DNs include at least the CN attribute.


Email address


Name of the organizational unit, such as the relevant department


Name of the organization or company


Name of the locality, such as the appropriate city


Full name of the state or province


ISO 3166 country code

A certificate subject includes at least one attribute-value pair, and the CN attribute is typically present. Other attributes can be omitted, although the O and C attributes are also common. For example, a listener certificate for a server with an address of, which is run by the US-based company Example Corp, might have a subject of,O=Example Corp,C=US.