Hi Rich! Glad to hear from you and hope all is well!
Thanks for the tip, but I haven't cracked this nut yet. I've tried several permutations of: - the UTF8 flag on req - openssl req -x509 -newkey rsa:1024 -out rootcacert.pem -utf8 -outform PEM - the no UTF8 flag on req - openssl req -x509 -newkey rsa:1024 -out rootcacert.pem -outform PEM - the utf8 = yes in [ req ] - the string_mask = utf8only - and visa versa I'd been using ASCII characters (still valid UTF), so I thought I'd use proper UTF and thus: commonName = Róót Which looks good in HEX (C3B3) = o with accent 00005c0: 696f 6e73 0d0a 0d0a 5b20 726f 6f74 5f63 ions....[ root_c 00005d0: 615f 6469 7374 696e 6775 6973 6865 645f a_distinguished_ 00005e0: 6e61 6d65 205d 0d0a 0d0a 636f 6d6d 6f6e name ]....common 00005f0: 4e61 6d65 2020 2020 2020 2020 2020 2020 Name 0000600: 2020 3d20 52c3 b3c3 b374 0d0a 7374 6174 = R....t..stat 0000610: 654f 7250 726f 7669 6e63 654e 616d 6520 eOrProvinceName 0000620: 2020 2020 3d20 4d41 0d0a 636f 756e 7472 = MA..countr 0000630: 794e 616d 6520 2020 2020 2020 2020 2020 yName I also tried - commonName = UTF8:Róót - commonName = UTF8STRING:Róót - commonName = UTF8String:Róót And all seem to yield: 163:d=5 hl=2 l= 3 prim: OBJECT :commonName 168:d=5 hl=2 l= 4 prim: T61STRING :R▒▒t Which is a change from PRINTABLESTRING anyway. Still hoping to get this working. Cheers John From: "Salz, Rich" <rs...@akamai.com> To: "openssl-users@openssl.org" <openssl-users@openssl.org>, Cc: "owner-openssl-us...@openssl.org" <owner-openssl-us...@openssl.org> Date: 03/14/2013 12:53 PM Subject: RE: openssl-user - UTF8 characters in configuration file Sent by: owner-openssl-us...@openssl.org Hi John! Looking at apps/req.c, it seems you want to use the –utf8 flag (or put utf8: yes in your conf file [req] section) and not prefix the string with an identifier. -- Principal Security Engineer Akamai Technology Cambridge, MA
