IX500DistinguishedName interface (certenroll.h)

The IX500DistinguishedName interface represents an X.500 distinguished name (DN). The X.500 series of networking standards covers electronic directory services. A distinguished name uniquely identifies (distinguishes) each entry in the directory from all other entries. Each DN consists of one or more relative distinguished names (RDNs).

The subject field of a PKCS #10 certificate request contains the DN of the entity requesting the certificate

CertificationRequestInfo ::= SEQUENCE 
   version                 CertificationRequestInfoVersion,
   subject                 Name,
   subjectPublicKeyInfo    SubjectPublicKeyInfo,
   attributes              [0] IMPLICIT Attributes

The DN consists of a sequence of RDNs. Each RDN consists of a set of attributes, and each attribute consists of an object identifier (OID) and a value. The data type of the value is identified by the DirectoryString structure.

Name ::= SEQUENCE OF RelativeDistinguishedName

RelativeDistinguishedName ::= SET OF AttributeTypeValue

AttributeTypeValue ::= SEQUENCE 
   type       EncodedObjectID,
   value      ANY 

DirectoryString ::= CHOICE 
   teletexString           TeletexString (SIZE (1..MAX)),
   printableString         PrintableString (SIZE (1..MAX)),
   universalString         UniversalString (SIZE (1..MAX)),
   utf8String              UTF8String (SIZE (1..MAX)),
   bmpString               BMPString (SIZE (1..MAX)) 

The following RDN keys and associated OIDs are currently supported.

Key OID Description RDN type
C XCN_OID_COUNTRY_NAME Contains a two-letter ISO 3166 country or region code. PrintableString
CN XCN_OID_COMMON_NAME Contains a common name. PrintableString
EEMAIL XCN_OID_RSA_emailAddr Contains an email address. IA5String
DC XCN_OID_DOMAIN_COMPONENT Contains one component of a Domain Name System (DNS) name. IA5String
GGivenName XCN_OID_GIVEN_NAME Contains the part of a person's name that is not a surname. PrintableString
I XCN_OID_INITIALS Contains a person's initials. PrintableString
L XCN_OID_LOCALITY_NAME Contains the locality name that identifies a city, country, or other geographic region. PrintableString
O XCN_OID_ORGANIZATION_NAME Contains the name of an organization. PrintableString
OU XCN_OID_ORGANIZATIONAL_UNIT_NAME Contains the name of a unit subdivision within an organization. PrintableString
SST XCN_OID_STATE_OR_PROVINCE_NAME Contains the full name of a state or province. PrintableString
STREET XCN_OID_STREET_ADDRESS Contains the physical address. PrintableString
SN XCN_OID_SUR_NAME Contains the family name of a person. PrintableString
TTITLE XCN_OID_TITLE Contains the title of a person in the organization. PrintableString

Each service that is based on X.500 defines its own distinguished name string representation. For example, LDAP uses a comma-delimited list arranged from right to left. Active Directory uses a forward slash (/) and arranges the list from left to right. Other services use semicolons as separators. The following example shows an Active Directory entry for an employee named John Peoples who works in the pharmaceutical division of a company named Contoso, Ltd.

/c=gb/o=Contoso Ltd./ou=Contoso Pharmaceuticals/cn=John Peoples


The IX500DistinguishedName interface inherits from the IDispatch interface. IX500DistinguishedName also has these types of members:


The IX500DistinguishedName interface has these methods.


Initializes the object from a Unicode-encoded distinguished name.

Initializes the object from a string that contains a distinguished name.

Retrieves a Unicode-encoded distinguished name.

Retrieves a distinguished name.


Minimum supported client Windows Vista [desktop apps only]
Minimum supported server Windows Server 2008 [desktop apps only]
Target Platform Windows
Header certenroll.h

See also

CertEnroll Interfaces


Subject Names