Common Certificate Subject OIDs
Here’s a list of common X.509 digital certificate Subject OIDs (Object Identifiers) you’ll typically see in the Subject Distinguished Name (DN) of a certificate.
Core Subject DN Attributes (Most Common)
| Attribute Name | Abbreviation | OID | Description |
|---|---|---|---|
| Common Name | CN | 2.5.4.3 | Usually the hostname (e.g., www.example.com) |
| Organization | O | 2.5.4.10 | Legal organization name |
| Organizational Unit | OU | 2.5.4.11 | Department within organization |
| Country | C | 2.5.4.6 | 2-letter ISO country code |
| State / Province | ST | 2.5.4.8 | State or province |
| Locality | L | 2.5.4.7 | City |
| Street Address | STREET | 2.5.4.9 | Street address |
| Postal Code | postalCode | 2.5.4.17 | ZIP / postal code |
| Serial Number | serialNumber | 2.5.4.5 | Business registration number |
Personal Identity Attributes
| Attribute Name | OID | Description |
|---|---|---|
| Given Name | 2.5.4.42 | First name |
| Surname | 2.5.4.4 | Last name |
| Initials | 2.5.4.43 | Middle initials |
| Title | 2.5.4.12 | Job title |
| Generation Qualifier | 2.5.4.44 | Jr., Sr., III |
| Pseudonym | 2.5.4.65 | Alternate name |
Email & Domain Related
| Attribute Name | OID | Notes |
|---|---|---|
| Email Address | 1.2.840.113549.1.9.1 | PKCS#9 emailAddress (legacy, but common) |
| Domain Component | 0.9.2342.19200300.100.1.25 | Used in LDAP-style DNs |
| User ID (UID) | 0.9.2342.19200300.100.1.1 | Often used in LDAP directories |
Business / EV Certificate Attributes
Common in Extended Validation (EV) certificates:
| Attribute Name | OID |
|---|---|
| Jurisdiction of Incorporation – Country | 1.3.6.1.4.1.311.60.2.1.3 |
| Jurisdiction of Incorporation – State | 1.3.6.1.4.1.311.60.2.1.2 |
| Jurisdiction of Incorporation – Locality | 1.3.6.1.4.1.311.60.2.1.1 |
| Business Category | 2.5.4.15 |
Subject Alternative Name (SAN) OIDs (Extension)
Technically not in the Subject DN, but extremely important:
| Extension | OID |
|---|---|
| Subject Alternative Name | 2.5.29.17 |
Inside SAN you commonly find:
- DNS Name
- IP Address
- URI
Common CA-Specific OIDs
Some Certificate Authorities define their own:
| Organization | Example OID Prefix |
|---|---|
| Microsoft | 1.3.6.1.4.1.311.* |
| DigiCert | 2.16.840.1.114412.* |
| Entrust | 2.16.840.1.114028.* |
Example Subject DN
Example certificate subject:
CN=www.example.com
O=Example Corp
OU=IT Department
L=Chicago
ST=Illinois
C=US
Which corresponds to:
2.5.4.3 = www.example.com
2.5.4.10 = Example Corp
2.5.4.11 = IT Department
2.5.4.7 = Chicago
2.5.4.8 = Illinois
2.5.4.6 = US
If you'd like, I can also provide:
- A list of common X.509 extension OIDs
- OIDs related to Key Usage / Extended Key Usage
- A mapping table formatted specifically for Chilkat usage
- Or sample code to enumerate Subject OIDs using Chilkat
Just let me know.