OpenSSL and IDN Certificates
As internationalized domain names (IDN) proliferate, more people need to test with, and ultimately purchase, IDN certificates. If you need to generate a CSR or even a self-signed certificate for an internationalized domain, follow these steps:
- Take the UTF-8 characters and paste them into a Punycode converter (the output is also known as the ASCII-compatible encoding, or ACE).
- The resulting converted text will be a fairly long string that starts with "xn--". Copy the entire thing.
- Now run one of these commands.
For CSR generation [1]:
openssl req -new -nodes -out mycsr.csr -keyout mykey.pem -newkey rsa:2048
For self-signed certificate generation [2]:
openssl req -new -nodes -x509 -days 3650 -out mycert.cer -keyout mykey.pem -newkey rsa:2048
Either way, follow the prompts and, when you reach Common Name, paste the text you copied from the Punycode converter. Now you can submit your CSR to a certification authority or install the self-signed certificate for testing.
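The steps above can be scripted so the ACE string is produced and checked locally rather than pasted from a converter. This is an added example, not part of the original post: the function names are hypothetical, the sample hostnames are constructed, and `-subj` (a standard `openssl req` option that replaces the interactive prompts) is an addition to the page's commands.

```python
import shlex

MAX_HOSTNAME_LEN = 253  # DNS limit on the full name, in ASCII form


def to_ace(hostname: str) -> str:
    """Return the ASCII-compatible encoding (ACE) of a Unicode hostname."""
    # The built-in "idna" codec implements IDNA 2003: each non-ASCII label is
    # normalised with nameprep and Punycode-encoded behind an "xn--" prefix.
    # It raises UnicodeError for an empty label or one longer than 63 octets.
    ace = hostname.encode("idna").decode("ascii")
    if len(ace) > MAX_HOSTNAME_LEN:
        raise ValueError("encoded hostname exceeds 253 characters")
    return ace


def from_ace(ace: str) -> str:
    """Decode an ACE hostname back to Unicode, to check what was encoded."""
    return ace.encode("ascii").decode("idna")


def req_command(hostname: str, self_signed: bool = False) -> str:
    """Build the page's openssl command with the ACE name as Common Name."""
    args = ["openssl", "req", "-new", "-nodes"]
    if self_signed:
        args += ["-x509", "-days", "3650", "-out", "mycert.cer"]
    else:
        args += ["-out", "mycsr.csr"]
    args += ["-keyout", "mykey.pem", "-newkey", "rsa:2048"]
    # -subj supplies the subject on the command line instead of the prompts.
    args += ["-subj", "/CN=" + to_ace(hostname)]
    return shlex.join(args)


if __name__ == "__main__":
    # Constructed sample names; the second shows nameprep rewriting the input.
    for name in ("bücher.example", "straße.example"):
        ace = to_ace(name)
        print(f"{name} -> {ace} (decodes to {from_ace(ace)})")
        print("  " + req_command(name))
        print("  " + req_command(name, self_signed=True))
```

When the decoded form differs from what you typed, as with the second sample, nameprep has rewritten the name: IDNA 2003 maps ß to ss, while converters that follow IDNA 2008 keep ß and produce a different ACE string. Compare the output with the name your certification authority expects before submitting the CSR.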
[1] We are generating a CSR with a 2048-bit RSA key.
[2] This will generate a 10-year self-signed certificate.