How to create CSR with utf8 subject in openssl?

utf-8 openssl csr
SWilk picture SWilk · May 10, 2013 · Viewed 20.4k times · Source

I am trying to generate Certificate Signing Request with UTF-8 subject. 

$ openssl req  -utf8 -nodes -newkey rsa:2048 -keyout my.private_key.pem -out my.csr.pem -text
Generating a 2048 bit RSA private key
......................................................................................................................................................................+++
......+++
writing new private key to 'my.private_key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [PL]:
State or Province Name (full name) []:Zażółć gęślą jaźń
problems making Certificate Request
12376:error:0D07A07C:asn1 encoding routines:ASN1_mbstring_ncopy:illegal characters:a_mbstr.c:162:

Terminal encoding is UTF-8, I get the same problem when I use command line subject (...) -subj /C=PL/ST=zażółć\ gęślą\ jaźń/O=my-company/CN=ThisIsMeForSure

When I skip the -utf8 switch, the CSR is generated with all the non-ascii characters replaced with hex notation (eg ó becomes \xC3\xB3). Such CSR cannot be read properly with php (openss_x509_parse) - the original ó is read as four bytes, representing two weird characters...

What am I doing wrong?

Answer

Envek picture Envek · Apr 15, 2015

I've been successful with command

openssl req -new -utf8 -nameopt multiline,utf8 -config example.com.cnf -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr

Where example.com.cnf is a configuration file in UTF-8:

[req]
prompt = no
distinguished_name = dn
req_extensions = ext

[dn]
CN = Описание сайта                # Site description
emailAddress = [email protected]
O = Моя компания                   # My company
OU = Моё подразделение             # My dept
L = Москва                         # Moscow
C = RU

[ext]
subjectAltName = DNS:example.com,DNS:*.example.com

Displayed correctly in Chrome, Firefox, and Safari.

Related questions

How to encrypt data in a UTF-8 string using OpenSSL::Cipher?

In a Rails 3.0 (Ruby 1.9.2) app I'm trying to encrypt some data using something like this: cipher = OpenSSL::Cipher.new 'aes-256-cbc' cipher.encrypt cipher.key = cipher.random_key cipher.iv = cipher.random_iv encrypted = cipher.update 'most secret data in …

Read More
Encode String to UTF-8

I have a String with a "ñ" character and I have some problems with it. I need to encode this String to UTF-8 encoding. I have tried it by this way, but it doesn't work: byte ptext[] = myString.getBytes(); String value = …

Read More
Working with UTF-8 encoding in Python source

Consider: $ cat bla.py u = unicode('d…') s = u.encode('utf-8') print s $ python bla.py File "bla.py", line 1 SyntaxError: Non-ASCII character '\xe2' in file bla.py on line 1, but no encoding declared; see http://…

Read More