Distinguished Names

The Distinguished Name (DN) uniquely identifies an entity in an X.509 certificate. The following attribute types are commonly found in the DN:

CN               Common Name
T                Title
O                Organization name
OU               Organizational Unit name
L                Locality name
ST (or SP or S)  State or Province name
C                Country

The X.509 standard defines other attributes that do not usually form part of the DN but can provide optional extensions to the digital certificate.

The X.509 standard provides for a DN to be specified in a string format. For example:

CN=John, O=IBM, OU=Test, C=GB

Any field within the DN that consists of more than one word requires quotes, either around the field contents or the entire DN. For example:

CN="John Smith", O=IBM, OU=Test, C=GB
or
"CN=John Smith, O=IBM, OU=Test, C=GB".

The Common Name (CN) can describe an individual user or any other entity, for example a Web server.

The DN can contain multiple OU attributes, but one instance only of each of the other attributes is permitted. The order of the OU entries is significant: the order specifies a hierarchy of Organizational Unit names, with the highest-level unit first.
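
The rules above (quoting of multi-word values, a single instance of every attribute except OU, and OU order as hierarchy) can be checked mechanically. The following Python sketch is an added example, not code from the product documentation; the function names are hypothetical, and treating attribute names as case-insensitive and rejecting attribute types outside the table above are assumptions made for the example.

```python
# Attribute types from the table above; SP and S are accepted as aliases of ST.
ALIASES = {"SP": "ST", "S": "ST"}
KNOWN = {"CN", "T", "O", "OU", "L", "ST", "C"}  # assumption: reject anything else


def split_outside_quotes(text):
    """Split on commas that are not inside double quotes."""
    parts, current, in_quotes = [], "", False
    for ch in text:
        if ch == '"':
            in_quotes = not in_quotes
        if ch == "," and not in_quotes:
            parts.append(current)
            current = ""
        else:
            current += ch
    if in_quotes:
        raise ValueError("unterminated quote in DN")
    return parts + [current]


def parse_dn(dn):
    """Return {'CN': ..., 'OU': [highest-level first, ...]} or raise ValueError."""
    dn = dn.strip()
    # Quotes around the entire DN: "CN=John Smith, O=IBM"
    whole_quoted = len(dn) > 1 and dn[0] == dn[-1] == '"' and dn.count('"') == 2
    if whole_quoted:
        dn = dn[1:-1]
    fields = {"OU": []}
    for part in split_outside_quotes(dn):
        name, sep, value = part.partition("=")
        # Assumption: attribute names are matched case-insensitively.
        name = ALIASES.get(name.strip().upper(), name.strip().upper())
        value = value.strip()
        if not sep or name not in KNOWN or not value:
            raise ValueError(f"malformed or unknown attribute: {part.strip()!r}")
        if len(value) > 1 and value[0] == value[-1] == '"':
            value = value[1:-1]          # quotes around the field contents
        elif '"' in value or (" " in value and not whole_quoted):
            raise ValueError(f"unquoted multi-word value: {part.strip()!r}")
        if name == "OU":
            fields["OU"].append(value)   # order kept: it encodes the hierarchy
        elif name in fields:
            raise ValueError(f"attribute {name} may appear only once")
        else:
            fields[name] = value
    return fields
```

The returned OU list preserves the order in which the entries were written, so two DNs with the same OU values in a different order compare as different.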

 
