[certificate] What does "subject" mean in certificate?

The related link is this MSDN article.

I am always confused about the term "subject", for example, sk option "Specifies the subject's key container location", sr option "Specifies the subject's certificate store location". What exactly does subject mean here? The certificate owner? The certificate issuer (e.g. the root CA which issues the certificate)? Or something else?

This question is tagged: certificate, pki, x509

The answer is


The subject of the certificate is the entity its public key is associated with (i.e. the "owner" of the certificate).

As RFC 5280 says:

The subject field identifies the entity associated with the public key stored in the subject public key field. The subject name MAY be carried in the subject field and/or the subjectAltName extension.

X.509 certificates have a Subject (Distinguished Name) field and can also have multiple names in the Subject Alternative Name extension.

The Subject DN is made of multiple relative distinguished names (RDNs) (themselves made of attribute assertion values) such as "CN=yourname" or "O=yourorganization".

In the context of the article you're linking to, the subject would be the user/owner of the cert.


My typical expectation is that when "subject" is used in a context like this, it means the target of the certificate. If you think of a certificate as a cryptographically secured description of a thing (person, device, communication channel, etc.), then the subject is the stuff related to that thing.

It's not the thing itself. For example, no one would say "the subject takes his SmartCard and authenticates his PIN". That would be the "user".

But it usually relates to the various data items related to that thing. For example:

  • Subject DN = Subject Distinguished Name = the unique identifier for what this thing is. Includes information about the thing being certified, including common name, organization, organization unit, country codes, etc.
  • Subject Key = part (or all) of the certificate's private/public key pair. If it's coming from the certificate, it's the public key. If it's coming from a key store in a secure location, it's probably the private key. Either part of the key is the cryptographic data used by the thing that received the certificate.
  • Subject certificate = the end point for the transaction; this is the thing requesting some secure capability, like integrity checking, authentication, privacy, etc.

Usually, it's used to distinguish between the other players in the PKI world, namely the "issuer" and the "root". The issuer is the CA that issued the cert (to the subject), and the root is the CA that is the end point of all the trust in the hierarchy. The typical relationship is root--->issuer--->subject.


The Subject, in security, is the thing being secured. In this case it could be a person's email or a website or a machine.

If we take the example of an email, say my email, then the subject key container would be the protected location containing my private key.

The certificate store usually refers to the Microsoft certificate store, which contains certificates from trusted roots, machines on the network, people, etc. In my case the subject's certificate store would be the place, within this store, holding my certificates.

If you are working within a Microsoft domain then the subject name will invariably hold the Distinguished Name of the subject, which is how the domain references the subject and holds it in its directory, e.g. CN=Mark Sutton, OU=Developers, O=Mycompany, C=UK

To look at your certificates on a Microsoft machine:

Log in as yourself, run mmc, select File > Add/Remove Snap-in, select Certificates, then select My user account, click Finish, then Close, then OK. Look in the Personal area of the store.

In the other areas of the store you will see the other trusted certificates used to validate signatures etc.


Subject is the certificate's common name and is a critical property for the certificate in a lot of cases if it's a server certificate and clients are looking for a positive identification.

As an example, on an SSL certificate for a web site, the subject would be the domain name of the web site.
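As an added example (not code from any of the answers above), the following Go program, using only the standard library, builds a self-signed certificate with a Subject DN of the kind the first answer describes (CN, O, C attributes) plus a subjectAltName list, parses it back and shows what a relying party reads: the Subject DN, the Issuer DN (equal to the subject, because the certificate is self-signed) and the SAN entries that hostname verification actually matches in the web-site case of the last answer. The values www.example.com, Mycompany and UK are constructed sample values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// SelfSigned issues a short-lived self-signed certificate whose Subject DN is
// built from cn/org/country and whose SAN extension carries sans, then parses
// the DER back so the caller sees exactly what a relying party would see.
func SelfSigned(cn, org, country string, sans []string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		// Subject DN: RDNs naming the entity the public key belongs to.
		Subject:   pkix.Name{CommonName: cn, Organization: []string{org}, Country: []string{country}},
		DNSNames:  sans, // subjectAltName extension (RFC 5280, 4.2.1.6)
		NotBefore: time.Now().Add(-time.Minute),
		NotAfter:  time.Now().Add(24 * time.Hour),
	}
	// Passing tmpl as both template and parent makes the cert self-signed,
	// so the Issuer DN is copied from the Subject DN.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	// Constructed sample subject: a web-site certificate as in the last answer.
	cert, err := SelfSigned("www.example.com", "Mycompany", "UK", []string{"www.example.com", "example.com"})
	if err != nil {
		panic(err)
	}
	fmt.Println("subject:", cert.Subject)  // who the public key belongs to
	fmt.Println("issuer: ", cert.Issuer)   // who vouched for it (here: itself)
	fmt.Println("SANs:   ", cert.DNSNames) // the names a client actually matches
	fmt.Println("www.example.com ok:", cert.VerifyHostname("www.example.com") == nil)
	fmt.Println("other.example.net ok:", cert.VerifyHostname("other.example.net") == nil)
}
```

In a real deployment the issuer would be a CA rather than the subject itself, and a client checks the presented name against the SAN list, not against the Subject CN.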