Distinguished Names
The Distinguished Name (DN) uniquely identifies an entity in an X.509 certificate.
Attention: Only the attributes in the following table can be used in an SSLPEER filter.
Certificate DNs can contain other attributes, but filtering is not allowed on these
attributes.
| Attribute type | Description |
|---|---|
| SERIALNUMBER | Certificate serial number |
| Email address | |
| E | Email address (Deprecated in preference to MAIL) |
| UID or USERID | User identifier |
| CN | Common Name |
| T | Title |
| OU | Organizational Unit name |
| DC | Domain component |
| O | Organization name |
| STREET | Street / First line of address |
| L | Locality name |
| ST (or SP or S) | State or Province name |
| PC | Postal code / zip code |
| C | Country |
| UNSTRUCTUREDNAME | Host name |
| UNSTRUCTUREDADDRESS | IP address |
| DNQ | Distinguished name qualifier |
The X.509 standard defines other attributes that do not typically form part of the DN but can provide optional extensions to the digital certificate.
The X.509 standard provides for a DN to be specified in a string format. For example:
CN=John Smith, OU=Test, O=IBM, C=GB
The Common Name (CN) can describe an individual user or any other entity, for example a web server.
The DN can contain multiple OU and DC attributes. Only one instance of each of the other attributes is permitted. The order of the OU entries is significant: the order specifies a hierarchy of Organizational Unit names, with the highest-level unit first. The order of the DC entries is also significant.
IBM® MQ tolerates certain malformed DNs. For more information, see IBM MQ rules for SSLPEER values.