Distinguished Names
The Distinguished Name (DN) uniquely identifies an entity in an X.509 certificate.
Attention: Only the attributes in the following table can be used in an SSLPEER filter. Certificate DNs can contain other attributes, but filtering is not allowed on these attributes.
Table 1. Attribute types found in the DN that can be used in an SSLPEER filter

Attribute type        Description
SERIALNUMBER          Certificate serial number
MAIL                  Email address
E                     Email address (Deprecated in preference to MAIL)
UID or USERID         User identifier
CN                    Common Name
T                     Title
OU                    Organizational Unit name
DC                    Domain component
O                     Organization name
STREET                Street / First line of address
L                     Locality name
ST (or SP or S)       State or Province name
PC                    Postal code / zip code
C                     Country
UNSTRUCTUREDNAME      Host name
UNSTRUCTUREDADDRESS   IP address
DNQ                   Distinguished name qualifier

The X.509 standard defines other attributes that do not typically form part of the DN but can provide optional extensions to the digital certificate.
The X.509 standard provides for a DN to be specified in a string format. For example:

CN=John Smith, OU=Test, O=IBM, C=GB

The Common Name (CN) can describe an individual user or any other entity, for example a web server.
The DN can contain multiple OU and DC attributes. Only one instance of each of the other attributes is permitted. The order of the OU entries is significant: the order specifies a hierarchy of Organizational Unit names, with the highest-level unit first. The order of the DC entries is also significant.
IBM MQ tolerates certain malformed DNs. For more information, see IBM MQ rules for SSLPEER values.
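An added example, not IBM MQ's own code: a Python pre-check that applies the rules above to a DN string before it is used as an SSLPEER filter, flagging attribute types outside Table 1 and any repeated type other than OU or DC. It assumes plain comma-separated attribute=value pairs (no quoting or wildcards) and is stricter than IBM MQ's tolerance of malformed DNs; the function names and the second and third sample DNs are constructed for illustration.

```python
import re

# Attribute types from Table 1; aliases map to one canonical name.
ALIASES = {"USERID": "UID", "SP": "ST", "S": "ST"}
ALLOWED = {"SERIALNUMBER", "MAIL", "E", "UID", "CN", "T", "OU", "DC", "O",
           "STREET", "L", "ST", "PC", "C", "UNSTRUCTUREDNAME",
           "UNSTRUCTUREDADDRESS", "DNQ"}
REPEATABLE = {"OU", "DC"}  # the only types that may occur more than once


def parse_dn(dn):
    """Split 'CN=..., OU=...' into ordered (type, value) pairs."""
    # Assumption: commas separate attributes unless backslash-escaped.
    pairs = []
    for part in re.split(r"(?<!\\),", dn):
        if "=" not in part:
            raise ValueError(f"not an attribute=value pair: {part!r}")
        name, value = part.split("=", 1)
        name = name.strip().upper()
        pairs.append((ALIASES.get(name, name), value.strip()))
    return pairs


def check_filter_dn(dn):
    """Return (problems, ou_hierarchy) for a candidate DN string."""
    problems, seen, ous = [], set(), []
    for name, value in parse_dn(dn):
        if name not in ALLOWED:
            problems.append(f"{name}: not usable in an SSLPEER filter")
        elif name in seen and name not in REPEATABLE:
            problems.append(f"{name}: only one instance permitted")
        seen.add(name)
        if name == "OU":
            ous.append(value)  # order kept: highest-level unit first
    return problems, ous


# Sample inputs: the first is the page's example, the rest are constructed.
SAMPLES = [
    "CN=John Smith, OU=Test, O=IBM, C=GB",
    "CN=app1, OU=Engineering, OU=Messaging, O=Example, S=Hampshire, ST=Hants",
    "CN=app2, GIVENNAME=Jo, O=Example",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", check_filter_dn(s))
```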