When a client accesses a server using SSL/TLS, it checks if the server’s domain name matches the value of the CN field in the certificate. This ensures that the client connects to the correct server and establishes a secure connection.
During the process of establishing a secure SSL/TLS connection, the server presents its certificate to the client, typically a web browser. The client then verifies the common name (or host name) in the provided certificate against the domain of the site it intends to connect to.
If the common name matches the domain of the site, a secure connection is established, and data between the client and the server is encrypted. If the common name and site domain do not match, the browser may display a certificate invalidation warning, indicating a potential security threat.
Distinguishing the Common Name from Other Certificate Fields
Digital certificates include various fields, each with a distinct meaning:
- Organization (O): Represents the organization that owns the certificate.
- Organizational Unit (OU): Indicates a specific department within the organization.
- Locality (L) and Country (C): Provide geographic information about the organization.
While all these fields contribute to the certificate’s identity, the primary field used for validation by browsers and clients remains the Common Name.