jovice wrote:
>
> Hi,
> I'm ues MSIE's xenroll to generate a certificate with big5 charset subject.
> then I want to use openssl to sign it,but it doesn't work.
> then error message is
>
> commonName :ASN.1 30:'
> The string contains characters that are illegal for the ASN.1 type
>
> I use command --"openssl req -in test_req -text -noout"-- to see what the subject
>of the request is.
>
> Certificate Request:
> Data:
> Version: 0 (0x0)
> Subject: CN=\x91\xD1, OU=CA, O=Tisnet, C=TW
>
> the CN should be \xAA\xF7 , What's wrong with it?
>
The 'ca' command doesn't properly handle BMPStrings yet and may give
problems.
The req output is the BMPString (Unicode in big endian format or near
enough) encoding.
You should be able to use the 'x509' utility to sign the request.
Please note that the use of BMPStrings in certificates will confuse or
crash all versions of Netscape except those using PSM.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
