Hi, I tried this some 2yrs ago what seemed to work (at least wins showed the strings in cert correctly)
in [ req ] ... distinguished_name = req_distinguished_name attributes = req_attributes string_mask = utf8only utf8 = yes ... ... [ req_distinguished_name ] ... localityName_value = ZádveĹ™ice ... and commonName can either be defined in cfg file (commonName_value) or it can be raed in from a file with the proper value (interactive cli input didn't work for me then) openssl req -config utf8configfile.cfg -new -nodes -utf8 -keyout utf8key.pem -out utf8req.pem <utf8user.txt Hope this helps Zbynek -----Original Message----- From: rasmu...@us.ibm.com To: openssl-users@openssl.org Cc: "owner-openssl-us...@openssl.org" <owner-openssl- us...@openssl.org> Date: Thu, 14 Mar 2013 15:35:42 -0400 Subject: RE: openssl-user - UTF8 characters in configuration file > Hi Rich! > > Glad to hear from you and hope all is well! > > Thanks for the tip, but I haven't cracked this nut yet. I've tried several > permutations of: > > - the UTF8 flag on req - openssl req -x509 -newkey rsa:1024 -out > rootcacert.pem -utf8 -outform PEM > - the no UTF8 flag on req - openssl req -x509 -newkey rsa:1024 -out > rootcacert.pem -outform PEM > - the utf8 = yes in [ req ] > - the string_mask = utf8only > - and visa versa > > I'd been using ASCII characters (still valid UTF), so I thought I'd use > proper UTF and thus: > > commonName = Róót > > Which looks good in HEX (C3B3) = o with accent > > 00005c0: 696f 6e73 0d0a 0d0a 5b20 726f 6f74 5f63 ions....[ root_c > 00005d0: 615f 6469 7374 696e 6775 6973 6865 645f a_distinguished_ > 00005e0: 6e61 6d65 205d 0d0a 0d0a 636f 6d6d 6f6e name ]....common > 00005f0: 4e61 6d65 2020 2020 2020 2020 2020 2020 Name > 0000600: 2020 3d20 52c3 b3c3 b374 0d0a 7374 6174 = R....t..stat > 0000610: 654f 7250 726f 7669 6e63 654e 616d 6520 eOrProvinceName > 0000620: 2020 2020 3d20 4d41 0d0a 636f 756e 7472 = MA..countr > 0000630: 794e 616d 6520 2020 2020 2020 2020 2020 yName > > I also tried > > - commonName = UTF8:Róót > - commonName = UTF8STRING:Róót > - commonName = UTF8String:Róót > > And all seem to yield: > > 163:d=5 hl=2 l= 3 prim: OBJECT :commonName > 168:d=5 hl=2 l= 4 prim: T61STRING :R▒▒t > > Which is a change from PRINTABLESTRING anyway. > > Still hoping to get this working. > > Cheers > > John > > > > > > > > From: "Salz, Rich" <rs...@akamai.com> > To: "openssl-users@openssl.org" <openssl-users@openssl.org>, > Cc: "owner-openssl-us...@openssl.org" > <owner-openssl-us...@openssl.org> > Date: 03/14/2013 12:53 PM > Subject: RE: openssl-user - UTF8 characters in configuration file > Sent by: owner-openssl-us...@openssl.org > > > > > Hi John! > > Looking at apps/req.c, it seems you want to use the –utf8 flag (or put > utf8: yes in your conf file [req] section) and not prefix the string with > an identifier. > > -- > Principal Security Engineer > Akamai Technology > Cambridge, MA > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
