What does subject mean in certificate

Question

The related link is this MSDN article   I am always confused about the term  subject   for example  sk option   Specifies the subject s key container location   sr option  Specifies the  subject s certificate store location   What exactly does subject mean here  The  certificate owner  The certificate issuer  e g  the root CA which issues the  certificate   Or something else

User · Answer

The subject of the certificate is the entity its public key is associated with (i.e. the "owner" of the certificate).

As RFC 5280 says:

The subject field identifies the entity associated with the public key stored in the subject public key field. The subject name MAY be carried in the subject field and/or the subjectAltName extension.

X.509 certificates have a Subject (Distinguished Name) field and can also have multiple names in the Subject Alternative Name extension.

The Subject DN is made of multiple relative distinguished names (RDNs) (themselves made of attribute assertion values) such as "CN=yourname" or "O=yourorganization".

In the context of the article you're linking to, the subject would be the user/owner of the cert.

User · Answer

The Subject  in security  is the thing being secured  In this case it could be a persons email or a website or a machine    If we take the example of an email  say my email  then the subject key container would be the protected location containing my private key   The certificate store usually refers to Microsoft certificate store which contains certificates form trusted roots  machines on the network  people etc  In my case the subjects certificate store would be the place  within this store  holding my certificates   If you are working within a microsoft domain then the subject name will invariably hold the Distinguished Name  of the subject  which is how the domain references the subject and holds it in its directory  e g  CN Mark Sutton  OU Developers  O Mycompany C UK   To look at your certificates on a microsoft machine -  Log in as you run mmc Select File add remove snap-in and select certificates then select my user account click Finish then close then ok  Look in the personal area of the store   In the other areas of the store you will see the other trusted certificates used to validate signatures etc

User · Answer

Subject is the certificate s common name and is a critical property for the certificate in a lot of cases if it s a server certificate and clients are looking for a positive identification   As an example on an SSL certificate for a web site the subject would be the domain name of the web site

User · Answer

My typical expectation is than when  subject  is used a context like this  it means the target of the certificate   If you think of a certificate as a cryptographically secured description of a thing  person  device  communication channel  etc   then the subject is the stuff related to that thing     It s not the thing itself   For example  no one would say  the subject takes his SmartCard and authenticates his PIN    That would be the  user      But it usually relates to the various data items related to that that thing   For example    Subject DN   Subject Distinguished Name   the unique identifier for what this thing is   Includes information about the thing being certified  including common name  organization  organization unit  country codes  etc  Subject Key   part  or all  of the certificate s private public key pair   If it s coming from the certificate  it s the public key   If it s coming from a key store in a secure location  it s probably the private key   Either part of the key is the cryptographic data used by the thing that received the certificate  Subject certificate - the end point for the transaction - this is the thing requesting some secure capability - like integrity checking  authentication  privacy  etc    Usually  it s used to distinguish between the other players in the PKI world  Namely the  issuer  and the  root    The issuer is the CA that issued the cert  to the subject   and the root is the CA that is end point of all the trust in the heirarchy   The typical relationship is root--- issuer--- subject

[certificate] What does "subject" mean in certificate?

Examples related to certificate

Examples related to pki

Examples related to x509