An X.509 name represents a hostname, email address or other entity associated with a public key.

You can create a Name by parsing a distinguished name String or by supplying the distinguished name as an Array.

name = OpenSSL::X509::Name.parse_rfc2253 'DC=example,CN=nobody'

name = [['CN', 'nobody'], ['DC', 'example']]

The default object type for name entries.

The default object type template for name entries.

A flag for to_s.

Breaks the name returned into multiple lines if longer than 80 characters.

A flag for to_s.

Returns an RFC2253 format name.

A flag for to_s.

Returns a more readable format than RFC2253.

A flag for to_s.

Returns a multiline format.

Class Methods

Creates a new Name.

A name may be created from a DER encoded string der, an Array representing a distinguished_name or a distinguished_name along with a template.

name = [['CN', 'nobody'], ['DC', 'example']]

name = name.to_der

See add_entry for a description of the distinguished_name Array’s contents

An alias for parse_openssl

Parses the string representation of a distinguished name. Two different forms are supported:

  • OpenSSL format (X509_NAME_oneline()) used by #to_s. For example: /DC=com/DC=example/CN=nobody

  • OpenSSL format (X509_NAME_print()) used by #to_s(OpenSSL::X509::Name::COMPAT). For example: DC=com, DC=example, CN=nobody

Neither of them is standardized and has quirks and inconsistencies in handling of escaped characters or multi-valued RDNs.

Use of this method is discouraged in new applications. See Name.parse_rfc2253 and to_utf8 for the alternative.

Parses the UTF-8 string representation of a distinguished name, according to RFC 2253.

See also to_utf8 for the opposite operation.

Instance Methods
An alias for cmp

Adds a new entry with the given oid and value to this name. The oid is an object identifier defined in ASN.1. Some common OIDs are:


Country Name


Common Name


Domain Component


Organization Name


Organizational Unit Name


State or Province Name

The optional keyword parameters loc and set specify where to insert the new attribute. Refer to the manpage of X509_NAME_add_entry(3) for details. loc defaults to -1 and set defaults to 0. This appends a single-valued RDN to the end.

Compares this Name with other and returns 0 if they are the same and -1 or +1 if they are greater or less than each other respectively. Returns nil if they are not comparable (i.e. different types).

Returns true if name and other refer to the same hash key.

The hash value returned is suitable for use as a certificate’s filename in a CA path.

Returns an MD5 based hash used in OpenSSL 0.9.X.

No documentation available
No documentation available

Returns an Array representation of the distinguished name suitable for passing to ::new

Converts the name to DER encoding

Returns a String representation of the Distinguished Name. format is one of:

If format is omitted, the largely broken and traditional OpenSSL format (X509_NAME_oneline() format) is chosen.

Use of this method is discouraged. None of the formats other than OpenSSL::X509::Name::RFC2253 is standardized and may show an inconsistent behavior through OpenSSL versions.

It is recommended to use to_utf8 instead, which is equivalent to calling name.to_s(OpenSSL::X509::Name::RFC2253).force_encoding("UTF-8").

Returns an UTF-8 representation of the distinguished name, as specified in RFC 2253.