问题描述
我正在尝试生成带有UTF-8主题的证书签名请求.
I am trying to generate Certificate Signing Request with UTF-8 subject.
$ openssl req -utf8 -nodes -newkey rsa:2048 -keyout my.private_key.pem -out my.csr.pem -text
Generating a 2048 bit RSA private key
......................................................................................................................................................................+++
......+++
writing new private key to 'my.private_key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [PL]:
State or Province Name (full name) []:Zażółć gęślą jaźń
problems making Certificate Request
12376:error:0D07A07C:asn1 encoding routines:ASN1_mbstring_ncopy:illegal characters:a_mbstr.c:162:
终端编码为UTF-8,当我使用命令行主题时遇到相同的问题(...) -subj /C=PL/ST=zażółć\ gęślą\ jaźń/O=my-company/CN=ThisIsMeForSure
Terminal encoding is UTF-8, I get the same problem when I use command line subject(...) -subj /C=PL/ST=zażółć\ gęślą\ jaźń/O=my-company/CN=ThisIsMeForSure
当我跳过-utf8
开关时,将生成CSR,并用十六进制表示法替换所有非ASCII字符(例如,ó
变为\xC3\xB3
).这样的CSR无法用php(openss_x509_parse
)正确读取-原始的ó
被读取为四个字节,代表两个奇怪的字符...
When I skip the -utf8
switch, the CSR is generated with all the non-ascii characters replaced with hex notation (eg ó
becomes \xC3\xB3
). Such CSR cannot be read properly with php (openss_x509_parse
) - the original ó
is read as four bytes, representing two weird characters...
我做错了什么?
推荐答案
我已经成功使用了命令
openssl req -new -utf8 -nameopt multiline,utf8 -config example.com.cnf -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr
example.com.cnf
是UTF-8中的配置文件:
Where example.com.cnf
is a configuration file in UTF-8:
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
CN = Описание сайта # Site description
emailAddress = [email protected]
O = Моя компания # My company
OU = Моё подразделение # My dept
L = Москва # Moscow
C = RU
[ext]
subjectAltName = DNS:example.com,DNS:*.example.com
在Chrome,Firefox和Safari中正确显示.
Displayed correctly in Chrome, Firefox, and Safari.
这篇关于如何在openssl中用utf8主题创建CSR?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!