On Tue, Nov 12, 2002, Jason Haar wrote: > Hi there > > I want to generate certs from our internal LDAP server. We have people from > all over the world here, and so some of these entries have 8bit chars in > their names (shock! horror!) > > Now I went off and generated a cert for one "Frank Österberg" (that's an "O" > with two dots on top), and when I "vi" the PEM afterwards I see > "\xD6sterberg". However, under Mozilla Import, the name shows up as > "A?sterberg" (the A has two dots on top) - not the same thing. > > Is this an issue with the Unix (Linux BTW) system doing some ISO charset, > but Openssl expecting unicode? If so, what is the correct way to do this? > > Thanks in advance for any help - my poor ASCII brain is feeling > overwhelmed :-) >
This is an alighty can of worms... If you want to use OpenSSL to generate these things you can mess around with the config files to accept input as UTF8 and you have to arrange the terminal to output UTF8 sequences, or whatever method you use. However there are lots of different ways of encoding these things in certificates. The correct way is to use a BMPString or better still UTF8String. However some software will not handle this properly, in particular some versions of Netscape without PSM will crash horribly if they see such things in a certificate and some vesions of MSIE don't display UTF8Strings IIRC. MSIE and Netscape may display these things if they are included in a T61String. However they don't use the T61String encoding but instead interpret it as ISO8859-1: or at least they do on my system, it may just be using the local character set. Steve. -- Dr. Stephen Henson [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~steve/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
