Creating an OpenSSL Certificate with Non-English Field Values

It is possible to create OpenSSL certificate with non-ASCII characters by using the -utf8 option.

In order to get a certificate for a public key, you create a Certificate Signing Request (CSR) that contains the information to be certified, such as the Distinguished Name and Common Name, Organization, City, State, Country and Contact information.

When creating a CSR, OpenSSL interprets any text you enter as ASCII. If you try to enter non-ASCII characters (such as Chinese), the certificate will contain ‘random’ characters rather than the text you tried to enter.

However, it is possible to change this behaviour using the -utf8 option (see OpenSSL Wiki):

openssl req -new -utf8 -newkey rsa:2048 -sha256 -out csr.pem

In this case, the information entered is interpreted as UTF8, allowing you to enter Chinese characters in the interactive dialog asking for the Common Name, State, City, etc.

Leave a Reply

Your email address will not be published. Required fields are marked *