countryName is ALWAYS a PrintableString, and is ALWAYS 2 characters long. See X.520 for a normative definition, included in RFC5280 for information.
-- Erwann ABALEA Le 20/06/2013 18:33, phildoch a écrit :
Country Name field in CA generated by openssl is encoded as PRINTABLESTRING while other fields are UTF8STRING I am generating a CA certificate with openssl version 1.0.1e with the following commands: openssl ecparam -out ec_key.pem -name secp384r1 -genkey openssl req -new -key ec_key.pem -x509 -nodes -days 1460 -out ec_ca_cert.pem At the end of this process I enter DN fields as follow: Country Name (2 letter code) [AU]:US State or Province Name (Full Name) [Some-State]:Florida Locality Name (eg, city)[]:Miami Organization Name (eg, company) [Internet Widgits Pty Ltd]:Coca Cola Organization Unit Name (eg, section) []:Drinks Common Name (e.g. server FQDN or YOUR name) []:Miki Email Address []: I convert the ec_ca_cert.pem certificate to DER format: openssl x509 -in ec_ca_cert.pem -inform PEM -out ec_ca_cert.der -outform DER When I edit the ec_ca_cert.der file with an HEX editor, I can clearly see that the Country field is encoded as PRINTABLESTRING (Type=0x13) while all the other fields (Locality Name, Organization Name, Organization Unit Name, Common Name) are encoded as UTF8STRING (Type=0x0c). Is there a reason for this, or is there something wrong with my process, or an openssl issue?
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org