我正在嘗試使用UTF-8主題生成證書籤名請求。如何在openssl中使用utf8主題創建CSR?
$ openssl req -utf8 -nodes -newkey rsa:2048 -keyout my.private_key.pem -out my.csr.pem -text
Generating a 2048 bit RSA private key
......................................................................................................................................................................+++
......+++
writing new private key to 'my.private_key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [PL]:
State or Province Name (full name) []:Zażółć gęślą jaźń
problems making Certificate Request
12376:error:0D07A07C:asn1 encoding routines:ASN1_mbstring_ncopy:illegal characters:a_mbstr.c:162:
終端編碼是UTF-8,I得到了同樣的問題,當我使用命令行受試者 (...) -subj /C=PL/ST=zażółć\ gęślą\ jaźń/O=my-company/CN=ThisIsMeForSure
當我跳過-utf8
開關,CSR與替換所有的非ASCII字符產生用十六進制符號(例如ó
變成\xC3\xB3
)。這樣的CSR無法用php(openss_x509_parse
)正確讀取 - 原始的ó
被讀爲四個字節,代表兩個奇怪的字符...
我在做什麼錯?
使用'openssl req' * *沒有*自定義conf文件意味着服務器名稱將在'CN'中。 IETF和CA/B論壇都不贊成這種做法。相反,你應該確保服務器名稱(和IP地址)在'SAN'中。例如,請參閱[如何使用openssl創建自簽名證書?](http://stackoverflow.com/a/27931596)(答案用於簽署請求和自簽名證書)。並且在配置文件中設置了'string_mask = utf8only'。 – jww 2015-04-15 12:07:56