Distinguished name
Distinguished name (DN) is a term that describes the identifying information in a certificate and is part of the certificate itself. A certificate contains DN information for both the owner or requestor of the certificate (called the Subject DN) and the CA that issues the certificate (called the Issuer DN). Depending on the identification policy of the CA that issues a certificate, the DN can include a variety of information.
Each CA has a policy to determine what identifying information the CA requires to issue a certificate. Some public Internet Certificate Authorities may require little information, such as a name and e-mail address. Other public CAs may require more information and require stricter proof of that identifying information before issuing a certificate. For example, CAs that support Public Key Infrastructure Exchange (PKIX) standards, may require that the requester verify identity information through a Registration Authority (RA) before issuing the certificate. Consequently, if you plan to accept and use certificates as credentials, you need to review the identification requirements for a CA to determine whether their requirements fit your security needs.
- Certificate owner's common name
- Organization
- Organizational unit
- Locality or city
- State or province
- Country or region
- Version 4 or 6 IP address
- Fully qualified domain name
- E-mail address