The CN component of the subject field of a certificate is used as the Publisher name in a security dialog. If the CN field is missing, "Unknown" will be displayed, which is not user-friendly. Also there are additional components in the distinguished name that can be used to identify the certificate's subject. If the CN field is empty, I think we should display the OU field (and maybe the O field as well). This is likely to become a more common scenario. The CA/Browser Forum has made a recommendation discouraging the use of the CN field in section 9.2.2 of the baseline requirements v1.1.6 and 9.2.3 of the EV Code Signing Guidelines: https://cabforum.org/Baseline_Requirements_V1.pdf��� https://cabforum.org/wp-content/uploads/EV_Code_Signing_Guidelines_v1_1.pdf