DNFields

The Distinguished Name (DN) was first defined in the X.500 standard and is supposed to be a globally unique name. For a normal enterprise CA, an enterprise-wide unique DN is usually sufficient, unless the CA is connected to a global X.500 directory.

These fields can be present in a DN:

* C : Country, two-letter country code as defined in ISO 3166.
* DC : Domain Component, a modern attribute commonly used in LDAP directories, e.g. CN=Tomas Gustavsson, DC=BigCorp, DC=com.
* ST : State or Province name. Not commonly used.
* L : Locality, e.g. Stockholm. Not commonly used for people, since people move around a lot; perhaps useful for routers etc.
* O : Organization name, e.g. PrimeKey Solutions AB.
* OU : Organizational Unit, e.g. Engineering.
* T : Title, not commonly used.
* Surname : Last name, e.g. Gustavsson.
* Givenname (gn) : First name, e.g. Tomas.
* Initials : Initials, not commonly used.
* Serialnumber (sn) : Serial number of routers etc.; could also be another registration number for people.
* CN : Common Name, e.g. Tomas Gustavsson.
* UID : Unique id, commonly used for a computer account name, e.g. tomas.
* Emailaddress : Should not be used; put the email address in the subject alternative name instead.
* UnstructuredName : IP address of routers.
* UnstructuredAddress : DNS name of routers.
* PostalCode : The user's postal code.
* Business Category : Describes the kinds of business performed by an organization.

Encoding of DN fields is a small science in itself, at least for the DN components that use the ASN.1 DirectoryString type. By default the behaviour in EJBCA is:
PrintableString is used for the fields that require it according to the standard. Other values are encoded as UTF8String if the field value can be represented that way, and finally as BMPString if 16-bit characters are required.

There is an option in the CA configuration (Edit Certificate Authorities) called 'Use PrintableString encoding in DN'. When this option is checked, PrintableString is used for those components where the encoding is a choice (ASN.1 DirectoryString).
This option also affects SubjectDirectoryAttributes (placeOfBirth is a DirectoryString) and the Certificate Policy User Notice text.

See RFC5280 for encoding requirements.
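As an added example (not EJBCA code), a small Python routine that applies the selection order described above and DER-encodes the result. The attribute names follow the list on this page; the condition for the BMPString fallback is an assumption.

```python
# Added example, not code from EJBCA: pick the ASN.1 string type for a DN
# attribute value along the lines the page describes, and DER-encode it.

# Characters allowed in an ASN.1 PrintableString (X.680).
PRINTABLE = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                "0123456789 '()+,-./:=?")

# Attributes that RFC 5280 / X.520 define as PrintableString only.
# ("SN" is the page's serialnumber field, not surname.)
PRINTABLE_ONLY = {"C", "SN"}

# DER universal tags for the string types involved.
TAGS = {"PrintableString": 0x13, "UTF8String": 0x0C, "BMPString": 0x1E}


def is_printable(value: str) -> bool:
    return all(ch in PRINTABLE for ch in value)


def choose_string_type(attr: str, value: str, use_printable: bool = False) -> str:
    """Return the string type the selection order on this page would pick.

    attr: DN attribute as written on this page (CN, O, C, SN, ...).
    use_printable: the 'Use PrintableString encoding in DN' CA option.
    """
    attr = attr.upper()
    if attr in PRINTABLE_ONLY:
        if not is_printable(value):
            raise ValueError(f"{attr} must be a PrintableString: {value!r}")
        return "PrintableString"
    # DirectoryString attributes: PrintableString only when the option is set
    # and the value fits; otherwise UTF8String, with BMPString as a last resort
    # (assumption: only when the value cannot be encoded as UTF-8).
    if use_printable and is_printable(value):
        return "PrintableString"
    try:
        value.encode("utf-8")
        return "UTF8String"
    except UnicodeEncodeError:
        if all(ord(ch) < 0x10000 for ch in value):
            return "BMPString"
        raise


def der_encode(attr: str, value: str, use_printable: bool = False) -> bytes:
    """DER TLV for the value (short-form length, i.e. bodies under 128 bytes)."""
    kind = choose_string_type(attr, value, use_printable)
    if kind == "BMPString":
        body = value.encode("utf-16-be", "surrogatepass")  # UCS-2 big-endian
    elif kind == "UTF8String":
        body = value.encode("utf-8")
    else:
        body = value.encode("ascii")
    if len(body) >= 128:
        raise ValueError("long-form length not handled in this example")
    return bytes([TAGS[kind], len(body)]) + body
```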

page_revision: 7, last_edited: 1212593530
Unless stated otherwise Content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License