A certificate's subject distinguished name (DN) provides information about the manner in which the certificate is to be used. Like an LDAP DN, a certificate's subject DN consists of a comma-delimited series of attribute-value pairs. Unlike an LDAP DN, however, the attribute names in a certificate subject DN are typically written all in uppercase characters. (Attribute names in an LDAP DN are typically written in lowercase or CamelCase characters.)
A certificate's subject DN is also referred to as its subject. The following attributes commonly appear in a certificate subject:
CN– Common name. For a listener certificate, the
CNattribute typically identifies the host name that clients use to access the certificate, although the subject alternative name extension provides a more highly recommended mechanism for accomplishing the same task. Most certificate subject DNs include at least the
E– Email address.
OU– Name of the organizational unit, such as the relevant department.
O– Name of the organization or company.
L– Name of the locality, such as the appropriate city.
ST– Full name of the state or province.
C– ISO 3166 country code.
A certificate subject includes at least one attribute-value pair, and the
attribute is typically present. Other attributes can be omitted, although the
C attributes are also common. For example, a listener
certificate for a server with an address of ldap.example.com, which is run
by the US-based company Example Corp, might have a subject of