What Is a Distinguished Name?312 Netscape Certificate Management System Plug-ins Guide • October 2001Distinguished Name ComponentsA DN identifies an entry in an LDAP directory. Because directories arehierarchical, DNs identify the entry by its location as a path in a hierarchical tree(much as a path in a file system identifies a file). Generally, a DN begins with aspecific common name, and proceeds with increasingly broader areas ofidentification until the country name is specified. DNs are typically made up of thefollowing components (which are defined in the X.520 standard):CN=common name, OU=organizational unit, O=organization, L=locality,ST=state or province, C=country nameThese components are described in Table A-1. For more information ondistinguished names, see RFC 2253 (which replaces RFC 1779). You can find RFC2253 at this URL: http://www.ietf.org/rfc/rfc2253.txtNote that if used in conjunction with an LDAP-compliant directory, CertificateManagement System by default recognizes components that are listed in Table A-2.Table A-1 Definitions of standard DN componentsComponent Name DefinitionCN Common name A required component that identifies the person or object definedby the entry. For example:• CN=Jane Doe• CN=corpDirectory.siroe.comE(deprecated)Email address Identifies the email address of the entry. For example:jdoe@siroe.comThe use of this component is discouraged by the PKIX standard;instead, it recommends the use of Subject Alternative Name Extensionto associate an email address with a certificate; see“SubjectAltNameExt Plug-in Module” on page 233. The reason forthis is because it is usually too hard to have a E in a directorystructure; email addresses change too frequently.OU Organizational unit Identifies a unit within the organization. For example:• OU=Sales• OU=ManufacturingO Organization Identifies the organization in which the entry resides. For example:• O=Siroe Corporation• O=Public Power & Gas