OpenSSL and IDN Certificates

Posted by on January 3, 2010 Leave a comment (0) Go to comments

As internationalized domain names (IDN) proliferate more people need to test with, and ultimately purchase, IDN certificates. If you need to generate a CSR or even a self-signed certificate for an internationalized domain follow these steps:

  1. Take the UTF-8 characters and paste them into a punycode converter (also known as ASCII compatible encoding, or ACE).
  2. The resulting converted text will be a fairly long string that starts with “xn--”. Copy the entire thing.
  3. Now run this command.

For CSR generation1:

openssl req -new -nodes -out mycsr.csr -keyout mykey.pem -newkey rsa:2048

For self-signed certificate generation2:

openssl req -new -nodes -x509 -days 3650 -out mycert.cer -keyout mykey.pem -newkey rsa:2048

Either way, follow the prompts and when you reach Common Name paste the text you copied from the punycode converter. Now you can submit your CSR to a certification authority or install the self-signed certificate for testing.

  1. We are generating a 2048-bit CSR
  2. This will generate a 10 year self-signed certificate.
Posts,

Leave a Comment


NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre lang="" line="" escaped="" highlight="">