
Evan_25555
Historic F5 Account
Jun 12, 2012

Determining encoding schemes of SSL traffic Certificates

It's probably worth mentioning that this question has nothing to do with certificate formats (PEM, PKCS...); rather, it has to do with how attributes of the certificate are encoded.

When our servers would authenticate to certain mobile users (specifically Android), the "CommonName" attribute appears mangled. According to our security review team, this is due to the fact that the CommonName field is encoded using BMPString, which according to RFC 2459 is deprecated:

“The UTF8String encoding is the preferred encoding, and all certificates issued after December 31, 2003 MUST use the UTF8String encoding of DirectoryString (except as noted below).”

I have attempted to determine what encoding schemes our certificates use according to this reference without much success:


In reviewing the output below, I see no mention of UTF8 or any other encoding scheme. Does anyone have any thoughts concerning how we might establish which encoding scheme is being employed or what clues I might be overlooking in the (sanitized) output below?

tmp openssl asn1parse -inform DER -in
0:d=0 hl=4 l=1108 cons: SEQUENCE
4:d=1 hl=4 l= 828 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 17 prim: INTEGER :8A6CBD017E6BB38DC6DA228E3B211727
32:d=2 hl=2 l= 13 cons: SEQUENCE
34:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
45:d=3 hl=2 l= 0 prim: NULL
47:d=2 hl=2 l= 88 cons: SEQUENCE
49:d=3 hl=2 l= 27 cons: SET
51:d=4 hl=2 l= 25 cons: SEQUENCE
53:d=5 hl=2 l= 3 prim: OBJECT :organizationName
58:d=5 hl=2 l= 18 prim: PRINTABLESTRING :Example, Inc
78:d=3 hl=2 l= 33 cons: SET
80:d=4 hl=2 l= 31 cons: SEQUENCE
82:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
87:d=5 hl=2 l= 24 prim: PRINTABLESTRING :Example, Inc Certificate Services
113:d=3 hl=2 l= 22 cons: SET
115:d=4 hl=2 l= 20 cons: SEQUENCE
117:d=5 hl=2 l= 3 prim: OBJECT :commonName
122:d=5 hl=2 l= 13 prim: PRINTABLESTRING :Example SSL CA v1
137:d=2 hl=2 l= 30 cons: SEQUENCE
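
Added example, not part of the original post: the encoding of each name attribute is the ASN.1 tag on its value, which is the type label `openssl asn1parse` prints before the value (PRINTABLESTRING in the output above). The Python below walks DER bytes and reports that tag for every attribute; the sample Name and all function names are constructed for illustration.

```python
# ASN.1 universal string tags that can appear as a DirectoryString-style value.
STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString", 0x14: "TeletexString",
               0x16: "IA5String", 0x1C: "UniversalString", 0x1E: "BMPString"}
CODECS = {0x0C: "utf-8", 0x1C: "utf-32-be", 0x1E: "utf-16-be"}  # others shown as latin-1
ATTR_NAMES = {b"\x55\x04\x03": "commonName", b"\x55\x04\x0a": "organizationName",
              b"\x55\x04\x0b": "organizationalUnitName"}  # raw OID content octets

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) for the DER TLV at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def attribute_encodings(buf, start=0, end=None):
    """Return (attribute, string type, text) for every SEQUENCE { OID, string }."""
    found, pos = [], start
    end = len(buf) if end is None else end
    while pos < end:
        tag, s, e = read_tlv(buf, pos)
        if tag == 0x30 and s < e and buf[s] == 0x06:  # SEQUENCE starting with an OID
            _, oid_s, oid_e = read_tlv(buf, s)
            if oid_e < e and buf[oid_e] in STRING_TAGS:
                vtag, vs, ve = read_tlv(buf, oid_e)
                oid = bytes(buf[oid_s:oid_e])
                text = buf[vs:ve].decode(CODECS.get(vtag, "latin-1"), errors="replace")
                found.append((ATTR_NAMES.get(oid, oid.hex()), STRING_TAGS[vtag], text))
        if tag & 0x20:  # constructed type (SEQUENCE, SET, [n]): descend into it
            found += attribute_encodings(buf, s, e)
        pos = e
    return found

def tlv(tag, body):
    """Encode one TLV with a short-form length (sample builder only)."""
    return bytes([tag, len(body)]) + body

# Constructed sample Name, not from the post: O as PrintableString, CN as BMPString.
SAMPLE = tlv(0x30,
    tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x0a") + tlv(0x13, b"Example, Inc"))) +
    tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") +
                        tlv(0x1E, "www.example.com".encode("utf-16-be")))))
```

The same function accepts a whole DER certificate read with `open(path, "rb").read()`, since it descends through every constructed element and reports issuer and subject attributes alike.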





