Hi everybody, I'm using the openssl ca app to sign certificate requests. Often, I use -subj to override the Subject supplied in the CSR. I have recently encountered the following problem:
When combining -subj with -utf8 and I supply a UTF-8 String to -subj, like this: openssl ca -utf8 -in csr.pem -keyfile key.pem -key key -out cert.pem -batch -config openssl.cnf -md sha1 -subj "/CN=SOME UTF-8 STRING" I get a certificate where all entries in the Subject field that have DirectoryString as their type (localityName, commonName, ...) have the type BMPSTRING. The expected result would be that those entries have the type UTF8STRING. Am I doing something wrong or is this a bug? I'm using OpenSSL 0.9.8e 23 Feb 2007. regards, Daniel
