Distinguished name

Distinguished name (DN) is a term that describes the identifying information in a certificate and is part of the certificate itself. A certificate contains DN information for both the owner or requestor of the certificate (called the Subject DN) and the CA that issues the certificate (called the Issuer DN). Depending on the identification policy of the CA that issues a certificate, the DN can include a variety of information.

Each CA has a policy to determine what identifying information the CA requires to issue a certificate. Some public Internet Certificate Authorities may require little information, such as a name and e-mail address. Other public CAs may require more information and require stricter proof of that identifying information before issuing a certificate. For example, CAs that support Public Key Infrastructure Exchange (PKIX) standards may require that the requester verify identity information through a Registration Authority (RA) before issuing the certificate. Consequently, if you plan to accept and use certificates as credentials, you need to review the identification requirements for a CA to determine whether its requirements fit your security needs.

You can use Digital Certificate Manager (DCM) to operate a private Certificate Authority and issue private certificates. Also, you can use DCM to generate the DN information and key pair for certificates that a public Internet CA issues for your organization. The DN information that you can provide for either type of certificate includes:
  • Certificate owner's common name
  • Organization
  • Organizational unit
  • Locality or city
  • State or province
  • Country or region

When you use DCM to issue private certificates, you can use certificate extensions to provide additional DN information for the certificate, including:
  • Version 4 or 6 IP address
  • Fully qualified domain name
  • E-mail address
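
The following is an added example, not part of the original page and not DCM code: a sketch of how a relying party might check a certificate's Subject DN and Issuer DN, given in RFC 4514 string form, against its own acceptance policy. The DN strings, the required-attribute set, the trusted issuer, and the function names are all constructed for illustration.

```python
# Added example: vet Subject/Issuer DNs (RFC 4514 string form) against a
# local acceptance policy. Every name and policy value here is constructed.

def parse_dn(dn):
    """Split a DN string into (ATTRIBUTE, value) pairs.

    Honours backslash-escaped separators ('O=Example\\, Inc.') and '+' in
    multi-valued RDNs. Hex escapes and '#' values are not decoded.
    """
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i + 1])          # keep the escaped character
            i += 2
            continue
        if ch in ",+":                     # unescaped separator
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    pairs = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip():
            raise ValueError("malformed DN component: %r" % part)
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def normalise(pairs):
    # Compare values case-insensitively while preserving RDN order
    return [(a, v.casefold()) for a, v in pairs]

REQUIRED = {"CN", "O", "C"}                # assumed relying-party policy
TRUSTED_ISSUERS = [normalise(parse_dn("CN=Example Private CA,O=Example\\, Inc.,C=US"))]

def check_cert_dns(subject, issuer):
    """Return policy violations; an empty list means the DNs are acceptable.

    DN checks complement certificate chain validation, they do not replace it.
    """
    present = {a for a, v in parse_dn(subject) if v}
    problems = ["subject DN missing " + a for a in sorted(REQUIRED - present)]
    if normalise(parse_dn(issuer)) not in TRUSTED_ISSUERS:
        problems.append("issuer DN not in trusted list")
    return problems
```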