Distinguished Names
An X.509 v3 certificate binds a distinguished name (DN) to a public key. A DN is a series
of name-value pairs, such as uid=doe, that uniquely identify an entity, that is, the
certificate subject.
For example, this might be a typical DN for an employee of Red Hat, Inc.:
uid=doe,e=doe@example.net,cn=John Doe,o=Red Hat, Inc.,c=US
The abbreviations before each equal sign in this example have these meanings:
• uid: user ID
• e: email address
• cn: the user's common name
• o: organization
• c: country
DNs may include a variety of other name-value pairs. They are used to identify both
certificate subjects and entries in directories that support the Lightweight Directory Access
Protocol (LDAP).
The rules governing the construction of DNs can be quite complex and are beyond the
scope of this document. For comprehensive information about DNs, see A String
Representation of Distinguished Names at the following URL:
http://www.ietf.org/rfc/rfc1485.txt
RFC 1485 has since been obsoleted; the current string representation is defined in
RFC 4514 (which replaced RFC 2253). Under those rules a comma inside an attribute
value, such as the one in the organization name in the example above, must be escaped
as "\," (or, in the older RFC 1485 syntax, the value enclosed in double quotes) so that
it is not read as the separator between two name-value pairs.
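The following is an added example and is not code from the Certificate System manual: a
small Python parser for the string form of a DN that applies the escaping rules above.
Separators (",", ";" and "+") are recognised only when they are neither backslash-escaped
(the RFC 2253/4514 form) nor inside a double-quoted value (the RFC 1485 form). It shows
that the example DN as printed above, with its unescaped comma in "Red Hat, Inc.", is
rejected, while the escaped and quoted spellings parse to the same five RDNs. The
comparison helper assumes caseIgnoreMatch for every attribute, which is a simplification
of the per-attribute matching rules X.520 defines. All input strings are constructed for
the example.

```python
import re

# Added example (not part of the Certificate System manual): a parser for the
# RFC 2253 string form of a DN. Separators ',' ';' and '+' are recognised only
# when they are neither backslash-escaped nor inside a double-quoted value.

_HEXPAIR = re.compile(r"[0-9A-Fa-f]{2}")


class DNSyntaxError(ValueError):
    """Raised when a DN string does not follow the RFC 2253 rules."""


def _tokenize(dn):
    """Split dn at unescaped, unquoted separators.

    Returns a list of (chars, sep): chars is a list of (character, literal)
    pairs, where literal is True for escaped or quoted characters; sep is
    the separator that ended the piece (',' ';' '+') or None for the last.
    """
    pieces, buf, quoted, i = [], [], False, 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\":                       # backslash escape
            if i + 1 >= len(dn):
                raise DNSyntaxError("trailing backslash")
            hexpair = dn[i + 1:i + 3]
            if _HEXPAIR.fullmatch(hexpair):  # \2C style hex escape
                buf.append((chr(int(hexpair, 16)), True))
                i += 3
            else:                            # \, \+ \" \\ and friends
                buf.append((dn[i + 1], True))
                i += 2
            continue
        if ch == '"':                        # RFC 1485/1779 quoted value
            quoted = not quoted
        elif ch in ",;+" and not quoted:
            pieces.append((buf, ch))
            buf = []
        else:
            buf.append((ch, quoted))         # everything inside quotes is literal
        i += 1
    if quoted:
        raise DNSyntaxError("unterminated quoted value")
    pieces.append((buf, None))
    return pieces


def _strip(chars):
    """Drop unescaped spaces around a type or value (RFC 2253, section 4)."""
    while chars and chars[0] == (" ", False):
        chars = chars[1:]
    while chars and chars[-1] == (" ", False):
        chars = chars[:-1]
    return chars


def parse_dn(dn):
    """Parse a DN string into a list of RDNs, each a list of (type, value).

    Multi-valued RDNs ('cn=John Doe+uid=doe') yield more than one pair.
    Attribute types are lower-cased; values are returned as written.
    """
    rdns, current = [], []
    for chars, sep in _tokenize(dn):
        eq = next((i for i, (c, lit) in enumerate(chars) if c == "=" and not lit), None)
        if eq is None:
            raise DNSyntaxError("no '=' in %r" % "".join(c for c, _ in chars))
        atype = "".join(c for c, _ in _strip(chars[:eq])).lower()
        value = "".join(c for c, _ in _strip(chars[eq + 1:]))
        if not atype or not value:
            raise DNSyntaxError("empty attribute type or value")
        current.append((atype, value))
        if sep != "+":                       # ',' ';' or end of string closes the RDN
            rdns.append(current)
            current = []
    return rdns


def is_well_formed(dn):
    """True if dn parses under the rules above, False on a DNSyntaxError."""
    try:
        parse_dn(dn)
        return True
    except DNSyntaxError:
        return False


def dn_equal(a, b):
    """Structural, case-insensitive comparison. Assumes caseIgnoreMatch for
    every attribute (a simplification: X.520 defines per-attribute rules)."""
    def norm(rdns):
        return [sorted((t, " ".join(v.casefold().split())) for t, v in rdn) for rdn in rdns]
    return norm(parse_dn(a)) == norm(parse_dn(b))


if __name__ == "__main__":
    # Constructed inputs: the manual's example as printed, and the escaped spelling.
    manual_dn = "uid=doe,e=doe@example.net,cn=John Doe,o=Red Hat, Inc.,c=US"
    escaped_dn = r"uid=doe,e=doe@example.net,cn=John Doe,o=Red Hat\, Inc.,c=US"
    print("manual example well-formed:", is_well_formed(manual_dn))   # False
    for rdn in parse_dn(escaped_dn):
        print(rdn)
```

The practical point is that DNs must be compared as parsed structures, not as strings:
"CN=John Doe, O=Red Hat\, Inc., C=US" and "cn=john doe,o=red hat\, inc.,c=us" name the
same entity, while reversing the order of the RDNs names a different one. Code that splits
a subject or issuer DN on commas to map a certificate onto an LDAP entry will either
reject or, worse, misattribute a name whose organization contains a comma.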
A Typical Certificate
Every X.509 certificate consists of two sections:
• The data section includes the following information:
  • The version number of the X.509 standard supported by the certificate.
  • The certificate's serial number. Every certificate issued by a CA has a serial number
    that is unique among the certificates issued by that CA.
  • Information about the user's public key, including the algorithm used and a
    representation of the key itself.
  • The DN of the CA that issued the certificate.
  • The period during which the certificate is valid (for example, between 1:00 p.m. on
    November 15, 1999 and 1:00 p.m. on November 15, 2000).
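As an added example that is not code from the manual, the following Python shows how
several of the data-section fields listed above are actually represented inside a
certificate: X.509 is encoded in ASN.1 DER, so the version is an explicitly tagged
INTEGER (v3 is the integer 2), the serial number is an INTEGER, the issuer DN is an
X.501 Name (a SEQUENCE of RDNs, each a SET of type/value pairs) and the validity period
is a pair of UTCTime values. It uses only the standard library; the attribute OIDs are
the standard X.520 and PKCS #9 ones for the abbreviations in the DN example, the issuer
name "Example CA" is made up, and no signature or public key is produced, so this is not a
complete certificate.

```python
from datetime import datetime

# Added example (not from the Certificate System manual): hand-rolled DER
# encoders for fields of the certificate data section listed above. Only the
# standard library is used; the OIDs are the standard X.520/PKCS #9 attribute
# types for the abbreviations in the DN example.

ATTR_OIDS = {
    "c":   "2.5.4.6",                    # countryName
    "o":   "2.5.4.10",                   # organizationName
    "cn":  "2.5.4.3",                    # commonName
    "uid": "0.9.2342.19200300.100.1.1",  # userId
    "e":   "1.2.840.113549.1.9.1",       # emailAddress (PKCS #9)
}
STRING_TAG = {"c": 0x13, "e": 0x16}      # PrintableString, IA5String; else UTF8String

# Constructed validity period, matching the example dates in the text above.
NOT_BEFORE = datetime(1999, 11, 15, 13, 0, 0)
NOT_AFTER = datetime(2000, 11, 15, 13, 0, 0)


def der_len(n):
    """DER length: one byte below 128, otherwise 0x8N followed by N big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content


def der_int(n):
    """INTEGER in minimal two's complement. The +1 byte keeps a leading 0x00 when
    the top bit is set, so a serial such as 0x80 stays positive: RFC 5280 requires
    positive serial numbers, and without the 0x00 the same byte decodes as -128."""
    if n < 0:
        raise ValueError("negative value")
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def der_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, every arc in base 128."""
    arcs = [int(a) for a in dotted.split(".")]

    def base128(v):
        out = [v & 0x7F]
        v >>= 7
        while v:
            out.append(0x80 | (v & 0x7F))
            v >>= 7
        return bytes(reversed(out))

    body = base128(arcs[0] * 40 + arcs[1]) + b"".join(base128(a) for a in arcs[2:])
    return tlv(0x06, body)


def der_utctime(dt):
    """UTCTime YYMMDDHHMMSSZ; X.509 uses it for 1950-2049 and GeneralizedTime after."""
    return tlv(0x17, dt.strftime("%y%m%d%H%M%SZ").encode("ascii"))


def der_version(v=2):
    """version [0] EXPLICIT INTEGER; X.509 v3 is encoded as the integer 2."""
    return tlv(0xA0, der_int(v))


def der_validity(not_before, not_after):
    return tlv(0x30, der_utctime(not_before) + der_utctime(not_after))


def der_name(rdns):
    """X.501 Name: SEQUENCE OF RDN; RDN: SET OF { SEQUENCE { type OID, value } }.
    rdns is given in encoding order (country first), the reverse of the RFC 2253
    string, e.g. [[("c", "US")], [("o", "Red Hat, Inc.")], [("cn", "John Doe")]]."""
    out = b""
    for rdn in rdns:
        atvs = [tlv(0x30, der_oid(ATTR_OIDS[t]) + tlv(STRING_TAG.get(t, 0x0C), v.encode("utf-8")))
                for t, v in rdn]
        out += tlv(0x31, b"".join(sorted(atvs)))   # DER orders the members of a SET OF
    return tlv(0x30, out)


def data_section_fields(serial, issuer_rdns, not_before, not_after):
    """The fields from the list above that this example encodes, as DER bytes."""
    return {
        "version": der_version(),
        "serialNumber": der_int(serial),
        "issuer": der_name(issuer_rdns),
        "validity": der_validity(not_before, not_after),
    }


if __name__ == "__main__":
    fields = data_section_fields(
        serial=0x80,   # a serial whose top bit is set, to show the leading 0x00
        issuer_rdns=[[("c", "US")], [("o", "Red Hat, Inc.")], [("cn", "Example CA")]],
        not_before=NOT_BEFORE,
        not_after=NOT_AFTER,
    )
    for name, der in fields.items():
        print(f"{name:13} {der.hex()}")
```

Two details matter to anyone writing or reviewing certificate-handling code: the RDNs in
the DER Name appear in the opposite order from the string form (country first, user ID
last), and the serial number is a signed INTEGER, so an encoder that drops the leading
0x00 byte on a serial with its top bit set produces a negative, non-conformant serial,
while a decoder that compares raw bytes will treat 0x0080 and 0x80 as different serials.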
Appendix J
Certificates and Authentication
Introduction to Public-Key Cryptography