Distinguished Name (DN) certificate attributes
A Distinguished Name (DN) is a unique identifier used within the X.509 certificate standard to specify the entity (subject) associated with a certificate^[600-developer__tools__security__CA.md]. It is a collection of attributes that together identify the organization, individual, or device to which the certificate binds a public key.
When generating a Certificate Signing Request (CSR) or a Self-Signed Certificate using tools like OpenSSL, the system prompts the user to provide information for the DN. These fields are incorporated into the certificate request^[600-developer__tools__security__CA.md].
Standard Attributes
The OpenSSL interactive prompt explicitly labels the input sequence as a "Distinguished Name or a DN"^[600-developer__tools__security__CA.md]. The standard attributes typically collected include:
- Country Name (C): A two-letter ISO country code (e.g., TW, US).
- State or Province Name (ST): The full name of the state or province (e.g., Taiwan).
- Locality Name (L): The name of the city or locality (e.g., taipei).
- Organization Name (O): The legal name of the company or organization (e.g., tommy-dev).
- Organizational Unit Name (OU): The specific department or section (e.g., dev).
- Common Name (CN): The Fully Qualified Domain Name (FQDN) or the individual's name. In the context of SSL/TLS, this is often the domain name the certificate secures (e.g., *.yudady.tk)^[600-developer__tools__security__CA.md].
- Email Address: A contact email address for the entity (e.g., yu_dady@yahoo.com.tw).
Usage and Configuration
The attributes provided in the DN appear in the final certificate file. For example, when reading a certificate with openssl x509, the Issuer and Subject sections display these attributes to identify who issued the certificate and who the certificate belongs to^[600-developer__tools__security__CA.md].
In certain configurations, specific DN attributes must be manually edited in configuration files (such as caconfig.cnf or exampleserver.cnf) to match the desired domain or organizational details, particularly for fields like the Common Name or Subject Alternative Names^[600-developer__tools__security__CA.md].
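A lint for the Subject line that openssl x509 prints, as an added example (not code from the original page): it checks the C and CN fields described above and that the CN is also covered by the Subject Alternative Names. It assumes a TLS server certificate and the comma-separated output of recent OpenSSL releases; parse_subject, lint_dn, the sample line and the example.test names are constructed for illustration.

```python
import re

# Constructed sample in the style printed by `openssl x509 -noout -subject`,
# reusing this page's example field values with a placeholder domain.
SAMPLE = ('subject=C = TW, ST = Taiwan, L = taipei, O = tommy-dev, '
          'OU = dev, CN = *.example.test, emailAddress = admin@example.test')

# One "NAME = value" pair; OpenSSL double-quotes values that contain commas.
_PAIR = re.compile(r'\s*([A-Za-z0-9.]+)\s*=\s*("(?:[^"\\]|\\.)*"|[^,]*)\s*(?:,|$)')

def parse_subject(line):
    """Return the DN as an ordered list of (attribute, value) tuples."""
    body = re.sub(r'^(subject|issuer)\s*=\s*', '', line.strip())
    pairs, pos = [], 0
    while pos < len(body):
        m = _PAIR.match(body, pos)
        if not m:
            raise ValueError(f'cannot parse DN at offset {pos}: {body[pos:]!r}')
        value = m.group(2).strip()
        if value.startswith('"'):
            value = value[1:-1]  # drop the surrounding quotes
        pairs.append((m.group(1), value))
        pos = m.end()
    return pairs

def lint_dn(pairs, san_dns):
    """Check a TLS server certificate's DN; return a list of findings."""
    findings, values = [], {}
    for name, value in pairs:  # a DN may repeat an attribute (e.g. two OUs)
        values.setdefault(name, []).append(value)
    for c in values.get('C', []):
        if not re.fullmatch(r'[A-Z]{2}', c):
            findings.append(f'C={c!r} is not a two-letter uppercase country code')
    cns = values.get('CN', [])
    if not cns:
        findings.append('no CN present')
    sans = {s.lower() for s in san_dns}
    for cn in cns:
        if '*' in cn and not re.fullmatch(r'\*\.[^*]+', cn):
            findings.append(f'CN={cn!r}: "*" must be the entire leftmost label')
        # Modern TLS clients match hostnames against subjectAltName and ignore the CN.
        if cn.lower() not in sans:
            findings.append(f'CN={cn!r} is not listed in subjectAltName')
    return findings

if __name__ == '__main__':
    for finding in lint_dn(parse_subject(SAMPLE), ['www.example.test']):
        print(finding)
```

Pass the DNS names from the certificate's Subject Alternative Name extension as san_dns; an empty result means the checked fields are consistent.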
Sources
600-developer__tools__security__CA.md