As internationalized domain names (IDN) proliferate more people need to test with, and ultimately purchase, IDN certificates. If you need to generate a CSR or even a self-signed certificate for an internationalized domain follow these steps:

  1. Take the UTF-8 characters and paste them into a punycode converter (also known as ASCII compatible encoding, or ACE).

  2. The resulting converted text will be a fairly long string that starts with “xn–”. Copy the entire thing.

  3. Now run this command.

For CSR generation1:

openssl req -new -nodes -out mycsr.csr -keyout mykey.pem -newkey rsa:2048

For self-signed certificate generation2:

openssl req -new -nodes -x509 -days 3650 -out mycert.cer -keyout mykey.pem -newkey rsa:2048

Either way, follow the prompts and when you reach Common Name paste the text you copied from the punycode converter. Now you can submit your CSR to a certification authority or install the self-signed certificate for testing.

  1. We are generating a 2048-bit CSR 

  2. This will generate a 10 year self-signed certificate.