The CertificateAuthority tool in ERP5 uses UTF8 encoding for certificates, but by default OpenSSL does not. This cause an error when using non-ascii characters:
The localityName field is different between CA certificate and the requestTo solve the problem, the Certificate Authority recipe should use the same
encoding as ERP5, which requires adding -utf8 option when invoking
OpenSSL.
For instance, creating a certificate with localityName Москва
will give the following with the default OpenSSL encoding:
\C3\90\C2\9C\C3\90\C2\BE\C3\91\C2\81\C3\90\C2\BA\C3\90\C2\B2\C3\90\C2\B0.
UTF8-encoding this same string gives \D0\9C\D0\BE\D1\81\D0\BA\D0\B2\D0\B0,
which is what ERP5 expects.