My application uses X.509 certificates with commonName field set to following format:
number#UserName, for example 12345#JohnSmith Everything is ok when UserName is in ascii, but when I sign new certificates using this command, for example: openssl ca -config ca_config.txt -subj "/CN=30000#тестტესტ中国" -utf8 -batch -notext -out 30000.pem -in /tmp/CSR-file and subject contains non-ASCII characters in UTF-8 encoding, the resulting certificate's CN looks this way: $ openssl x509 -in 30000.pem -subject -noout subject= /CN=\x003\x000\x000\x000\x000\x00#\x04B\x045\x04A\x04B\x10\xE2\x10\xD4\x10\xE1\x10\xE2N-V\xFD Looks like string "30000" is literally encoded as a sequence of bytes with corresponding decimal values, not as sequence of ASCII codes for characters "3", "0", "0",... After adding -nameopt oneline,-esc_msb,utf8 result looks fine $ openssl x509 -in 0/0_cert.pem -subject -nameopt oneline,-esc_msb,utf8 -noout subject= CN = 30000#тестტესტ中国 I call X509_NAME_oneline() function inside my application to get CN string, and application fails to convert number from CN field to integer, because X509_NAME_oneline() returns "/CN=\x003\x000\x000\x000\x000\x00#" instead of "CN=30000#...". Probably I should use X509_NAME_print_ex(), but I have doubts if this string encoding is correct and how it would work with other software. For example, certtool from GnuTLS outputs subject string in this way: $ certtool -i --infile 30000.pem ...skipped... Subject: CN=#003300300030003000300023044204350441044210e210d410e110e24e2d56fd ...skipped... There are no such problems in "openssl req", I can set UTF8 strings with numbers in certificate requests and resulting certificate is ok for me, but I need to ignore subject from certificate requests and set my own value Is it possible to fix "openssl ca" command somehow to encode numbers in UTF8 strings as strings, not numbers? ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org