On 12/16/2011 6:14 PM, Erwann Abalea wrote:
Le 16/12/2011 17:57, Mick a écrit :
On Friday 16 Dec 2011 16:23:52 you wrote:
man req
Then look for the "-utf8" argument.
I took your example below, added "-utf8" argument, and it worked.
You can display the content with "openssl req -text -noout -in
blabla.pem -nameopt multiline,utf8,-esc_msb"
Would using -utf8 resolve the original OP problem?
To create the request/certificate, yes.
This is what I do to embed accented characters in UTF8.
Typing
openssl req -utf8 -new -nodes -newkey rsa:512 -keyout THORSTROM.key
-out THORSTROM.csr -subj "/O=ESBJÖRN.com/OU=Esbjörn-Thörstrom
Group/CN=Áki Thörstrom"
on an UTF8 capable terminal, with a "string_mask = utf8only" in the
right openssl.cnf file, gives me a certificate request correctly
encoded in UTF8 with the wanted characters in the DN.
Sorry, but OP's problem seems to be that the CSR was created by "some
software embedded in a router", which presumably would not allow him
to set OpenSSL command line options, OpenSSL config file options or
even the terminal type, even if the software in the router happened to
be built around OpenSSL.
OPs problem is that the OpenSSL ca command is being overly strict in
its handling of policy constraints on DN name components, rejecting
alternative encodings of the same name with a meaningless error
message ("foo" does not match "foo") rather than accept those.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
