On Fri, Mar 15, 2013 at 09:44:13AM +0100, Zbyn?k Krej??k wrote:
> I tried this some 2yrs ago what seemed to work (at least wins showed the
> strings in cert correctly)
>
> in
> [ req ]
> ...
> distinguished_name = req_distinguished_name
> attributes = req_attributes
> string_mask = utf8only
> utf8 = yes
FWIW with OpenSSL 1.0.1e just "string_mask" is sufficient, but "utf8" is
neither sufficient nor necessary.
$ cat foo.cnf
[ req ]
distinguished_name = dn
prompt = no
string_mask = utf8only
[ dn ]
countryName = US
stateOrProvinceName = New York
localityName = New York
organizationName = Example Corp
commonName = mail.example.com
[ v3_req ]
extendedKeyUsage = serverAuth, clientAuth
$ openssl req -new -config foo.cnf -reqexts v3_req -key key.pem |
openssl asn1parse
0:d=0 hl=4 l= 335 cons: SEQUENCE
4:d=1 hl=3 l= 247 cons: SEQUENCE
7:d=2 hl=2 l= 1 prim: INTEGER :00
10:d=2 hl=2 l= 101 cons: SEQUENCE
12:d=3 hl=2 l= 11 cons: SET
14:d=4 hl=2 l= 9 cons: SEQUENCE
16:d=5 hl=2 l= 3 prim: OBJECT :countryName
21:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US
25:d=3 hl=2 l= 17 cons: SET
27:d=4 hl=2 l= 15 cons: SEQUENCE
29:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
34:d=5 hl=2 l= 8 prim: UTF8STRING :New York
44:d=3 hl=2 l= 17 cons: SET
46:d=4 hl=2 l= 15 cons: SEQUENCE
48:d=5 hl=2 l= 3 prim: OBJECT :localityName
53:d=5 hl=2 l= 8 prim: UTF8STRING :New York
63:d=3 hl=2 l= 21 cons: SET
65:d=4 hl=2 l= 19 cons: SEQUENCE
67:d=5 hl=2 l= 3 prim: OBJECT :organizationName
72:d=5 hl=2 l= 12 prim: UTF8STRING :Example Corp
86:d=3 hl=2 l= 25 cons: SET
88:d=4 hl=2 l= 23 cons: SEQUENCE
90:d=5 hl=2 l= 3 prim: OBJECT :commonName
95:d=5 hl=2 l= 16 prim: UTF8STRING :mail.example.com
...
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
