Hi Lou, -----Original Message----- > From: Lou Picciano > > Can someone point us to a hard example of encoding fields within a cert in > UTF8? > Specifically, we'd like to sign our CSRs with a UTF8-content 'subject' line. > Essentially, we're ttying to be sure we spell our users' names correctly!
this is how I do it: in your openssl.conf: [ req ] string_mask = utf8only utf8 = yes <your other settings> and then in your code: openssl req -config </path/to/your/openssl.conf> -subj "your subject dname" <other options> Then all fields of your subject dname except for the country rdn will be utf8-encoded. Country is always encoded as PrintableString. If you sign such a request in the ordinary way, you'll get a cert with an utf8-encoded dname. If you wanna change the subject of a csr before issuing a certificate for it via the -subj commandline option, you'll additionally need the two above mentioned settings in the ca-section of your openssl.conf. HTH, Patrick Eisenacher ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
