Names

Certification Authorities

The CILogon Certification Authorities use the following Issuer Distinguished Names:

/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Silver CA 1

/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Basic CA 1

/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon OpenID CA 1

The CILogon Basic and Silver CAs issue certificates with Subject Distinguished Names of the following form:

/DC=org/DC=cilogon/C=US/O=OrganizationDisplayName/CN=displayName UID

In the above template:

OrganizationDisplayName is the value of the OrganizationDisplayName element in the EntityDescriptor for the identity provider found in the SAML metadata for the InCommon Federation.
displayName is the value of the RFC 2798 inetOrgPerson DisplayName attribute in the SAML authentication assertion.
UID is a unique identifier for the subscriber, assigned by the CA, to ensure uniqueness of subject names.

For example:

/DC=org/DC=cilogon/C=US/O=University of Illinois at Urbana-Champaign/CN=Jim Basney A47983

The CILogon OpenID CA issues certificates with Subject Distinguished Names of the following form:

/DC=org/DC=cilogon/C=US/O=OpenIDProvider/CN=EndEntityName UID

In the above template:

OpenIDProvider is an identifier for the OpenID Provider ("Google", "Yahoo", "Verisign", etc.).
EndEntityName is a presentation of the subject's name provided by the OpenID Provider in OpenID namePerson, fullname, or similar attributes.
UID is a unique identifier for the subscriber, assigned by the CA, to ensure uniqueness of subject names.

For example:

/DC=org/DC=cilogon/C=US/O=Google/CN=Jim Basney A437

Report abuse