Use this information to learn about the identification
characteristics of digital certificates.
Each CA has a policy to determine what identifying information the CA requires
to issue a certificate. Some public Internet Certificate Authorities may require
little information, such as a name and e-mail address. Other public CAs may
require more information and require stricter proof of that identifying information
before issuing a certificate. For example, CAs that support Public Key Infrastructure
Exchange (PKIX) standards may require that the requester verify identity
information through a Registration Authority (RA) before issuing the certificate.
Consequently, if you plan to accept and use certificates as credentials, you
need to review the identification requirements for a CA to determine whether
its requirements fit your security needs.
Distinguished name (DN) is a term that describes the identifying information
in a certificate and is part of the certificate itself. A certificate contains
DN information for both the owner or requester of the certificate (called
the Subject DN) and the CA that issues the certificate (called the Issuer
DN). Depending on the identification policy of the CA that issues a certificate,
the DN can include a variety of information. You can use Digital Certificate
Manager (DCM) to operate a private Certificate Authority and issue private
certificates. Also, you can use DCM to generate the DN information and key
pair for certificates that a public Internet CA issues for your organization.
The DN information that you can provide for either type of certificate includes:
- Certificate owner's common name
- Organization
- Organizational unit
- Locality or city
- State or province
- Country or region
When you use DCM to issue private certificates, you can use certificate
extensions to provide additional DN information for the certificate, including:
- Version 4 IP address
- Fully qualified domain name
- E-mail address
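
The Subject DN, Issuer DN and extension fields described above can be inspected in a parsed certificate. The following is an added example, not DCM code or output: it uses Go's standard crypto/x509 package to sign a sample certificate with a throwaway private CA key and read the fields back. Every name, address and the function name issueSample are constructed for illustration; Go encodes the IP address, domain name and e-mail address as subject alternative name entries.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issueSample signs a leaf certificate with a throwaway CA key; all values are constructed.
func issueSample() (*x509.Certificate, error) {
	_, caKey, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	leafPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	// Only the CA's Subject matters here: it becomes the Issuer DN of the leaf.
	ca := &x509.Certificate{Subject: pkix.Name{CommonName: "Example Private CA", Organization: []string{"Example Corp"}}}
	leaf := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		Subject: pkix.Name{ // the six Subject DN fields from the first list
			CommonName: "app1.example.com", Organization: []string{"Example Corp"},
			OrganizationalUnit: []string{"Payroll"}, Locality: []string{"Rochester"},
			Province: []string{"Minnesota"}, Country: []string{"US"},
		},
		// Extension data from the second list.
		IPAddresses:    []net.IP{net.ParseIP("192.0.2.10")},
		DNSNames:       []string{"app1.example.com"},
		EmailAddresses: []string{"admin@example.com"},
	}
	der, err := x509.CreateCertificate(rand.Reader, leaf, ca, leafPub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	c, err := issueSample()
	if err != nil {
		panic(err)
	}
	fmt.Printf("Subject DN: %s\nIssuer DN:  %s\nSAN: %v %v %v\n", c.Subject, c.Issuer, c.IPAddresses, c.DNSNames, c.EmailAddresses)
}
```

When reviewing a certificate offered as a credential, compare the Issuer DN and these Subject fields against what the issuing CA's policy says it verifies.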