A certificate's subject distinguished name (DN) provides information about the manner in which the certificate is to be used. Like an LDAP DN, a certificate's subject DN consists of a comma-delimited series of attribute-value pairs. Unlike an LDAP DN, however, the attribute names in a certificate subject DN are typically written all in uppercase characters. (Attribute names in an LDAP DN are typically written in lowercase or CamelCase characters.)
A certificate's subject DN is also referred to as its subject. The following attributes commonly appear in a certificate subject:
CN – Common name. For a listener certificate, the CN attribute typically identifies the host name that clients use to access the certificate, although the subject alternative name extension provides a more highly recommended mechanism for accomplishing the same task. Most certificate subject DNs include at least the CN attribute.
E – Email address.
OU – Name of the organizational unit, such as the relevant department.
O – Name of the organization or company.
L – Name of the locality, such as the appropriate city.
ST – Full name of the state or province.
C – ISO 3166 country code.
A certificate subject includes at least one attribute-value pair, and the CN attribute is typically present. Other attributes can be omitted, although the O and C attributes are also common. For example, a listener certificate for a server with an address of ldap.example.com, which is run by the US-based company Example Corp, might have a subject of CN=ldap.example.com,O=Example Corp,C=US.
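The subject format described above can be checked mechanically before a listener certificate is requested or deployed. The following is an added example, not code from the original page: the function names are hypothetical, it assumes a two-letter C value and single-character backslash escapes only, and it inspects the subject alone (subject alternative names live in a separate extension).

```python
import re

# Added example, not from the original page. Handles single-character backslash
# escapes only (assumption): no hex escapes, no multi-valued (+) components.
def _split_pairs(subject):
    """Split on commas that are not backslash-escaped."""
    parts, buf, i = [], "", 0
    while i < len(subject):
        if subject[i] == "\\" and i + 1 < len(subject):
            buf += subject[i:i + 2]   # keep the escape for later unescaping
            i += 2
            continue
        if subject[i] == ",":
            parts.append(buf)
            buf = ""
        else:
            buf += subject[i]
        i += 1
    parts.append(buf)
    return parts

def parse_subject(subject):
    """Return [(ATTRIBUTE, value), ...] in the order written."""
    pairs = []
    for part in _split_pairs(subject):
        name, eq, value = part.lstrip().partition("=")
        if not eq or not name.strip() or not value:
            raise ValueError(f"malformed attribute-value pair: {part!r}")
        # Attribute names are normalized to uppercase, as in certificate subjects.
        pairs.append((name.strip().upper(), re.sub(r"\\(.)", r"\1", value)))
    return pairs

def review_listener_subject(subject, host):
    """Findings for a listener certificate subject; host is the name clients use."""
    pairs = parse_subject(subject)
    findings = []
    cns = [v for n, v in pairs if n == "CN"]
    if not cns:
        findings.append("no CN attribute")
    elif host.lower() not in [c.lower() for c in cns]:
        findings.append(f"CN does not name {host}")
    for n, v in pairs:
        if n == "C" and not (len(v) == 2 and v.isalpha()):
            findings.append(f"C is not a two-letter country code: {v!r}")
    return findings
```

An empty findings list means the subject names the expected host in CN and carries a well-formed C value; an empty or malformed subject raises ValueError.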