as others i'm struggling with utf8 in requests. sure i went through all preciding questions and answers. well here is my workout. configuration:
[ req ]
default_bits = 2048
default_md = sha256
string_mask = utf8only
utf8 = yes
distinguished_name = DistName
attributes = Attr
[ DistName ]
commonName = Name (your official name)
commonName_default = hans nägli dödüé
stateOrProvinceName = State or Province Name (full name)
countryName = Country Code (2 letter code)
countryName_default = CH
[ Attr ]
subjectAltName = Name (international / latin)
subjectAltName_default = hans nägeli dädü
postalCode = zip code
localityName = Locality Name (eg, city)
emailAddress = Email Address
i verified this config file is utf8 and started thereafter using default values:
openssl req -verbose -config CsrPerson.cfg -new -key HansMuster-ecpem.key -passin pass:gugus -out HansMuster-pem.csr
i then had a look into the request using
openssl req -utf8 -noout -text -in HansMuster-pem.csr
showing
Certificate Request:
Data:
Version: 1 (0x0)
Subject: CN = hans n\C3\A4gli d\C3\B6d\C3\BC\C3\A9, ST = z\C3\BCrich, C = CH
Subject Public Key Info:
...snip...
NIST CURVE: P-384
Attributes:
postalCode :2222
localityName :Dörrhausen
X509v3 Subject Alternative Name:hans nägeli dädü
emailAddress :[email protected]
...snip...
using same source, same configuration, same procedure: subject/distinguished name has not been treated as utf8 but worked out well with attributes even with locality name which was entred by keyboard.
ASN1 definition of subject show a possible content as utf8 string. openssl version OpenSSL 1.1.0g 2 Nov 2017.
where have i been mistaken? have fun
You can try the following:
This should only fix the display problem, you have to check if your other requirements are still met.
You can find more details about the "-nameopt" options here in the "NAME OPTIONS" section: https://www.openssl.org/docs/man1.0.2/man1/x509.html
Other related links: