I'm using the following configuration file section in an attempt to create a CA with UTF8 characters in subject (and other) fields.
string_mask = utf8only prompt = no [ req ] default_bits = 2048 default_keyfile = /opt/rasmussjCa/private/cakey.pem default_md = md5 prompt = no distinguished_name = root_ca_distinguished_name x509_extensions = root_ca_extensions [ root_ca_distinguished_name ] commonName = UTF8STRING:Root stateOrProvinceName = MA countryName = US emailAddress = r...@abc.com organizationName = abc When I use "commonName = UTF8STRING:Root", I am getting a format=PRINTABLESTRING containing the "UTF8STRING:Root" value 45:d=5 hl=2 l= 3 prim: OBJECT :commonName 50:d=5 hl=2 l= 15 prim: PRINTABLESTRING :UTF8STRING:Root Not a UTF8STRING format as I'm expecting such as this ... 108:d=5 hl=2 l= 3 prim: OBJECT :commonName 113:d=5 hl=2 l= 23 prim: UTF8STRING :XXXXXXXXXX In addition to "string_mask = utf8", I've also tried the -utf8 option on the req with the same results: openssl req -x509 -newkey rsa:1024 -out rootcacert.pem -utf8 -outform PEM +++ In addition when I try to assign a policy "root_commonName" to the commonName field commonName = root_commonName stateOrProvinceName = MA countryName = US emailAddress = r...@abc.com organizationName = abc [ root_commonName ] commonName = UTF8STRING:Root I am am just getting the "root_commonName" policy assigned to the field rather than the "UTF8STRING:Root" value assigned within the policy 174:d=5 hl=2 l= 3 prim: OBJECT :commonName 179:d=5 hl=2 l= 15 prim: T61STRING :root_commonName Any comments are greatly appreciated. Thanks John