: For an international domain name with non-ASCII characters, what goes into the CSR's CN field? Suppose I control the international domain name (IDN) münchen.example.com (xn--mnchen-3ya.example.com).

@Cooney921

As I came across the same problem I did some research and found the following:


Common name in the CSR code needs to be of a certain format. General requirements are latin alphanumeric characters and no special symbols like ! @ # $ % ^ ( ) ~ ? > < & / , . " ' _ More peculiarities are described here for your reference. IDN (International Domain Names) common names should be first converted into the punycode, and then indicated in the CSR.


Source: helpdesk.ssls.com/hc/en-us/articles/204299792-How-to-make-sure-domain-is-correct-in-the-CSR-

Step 1: Convert your International Domain Name (IDN)

Using the IDN Conversion Tool, convert your International Domain Name (IDN) into ASCII characters


Source: search.thawte.com/support/ssl-digital-certificates/index?page=content&id=INFO3118
Though I didn't see any explicit mentioning, my guess is if your browser supports IDN Domains for URLs, the certficates should work as well.

;TLDR - use the ascii encoded domain like: xn--cjs.com

Vote Up Vote Down

@Sims2060225

The Common Name is typically composed of Host + Domain Name and will look like "www.yoursite.com" or "yoursite.com". SSL Server Certificates are specific to the Common Name that they have been issued to at the Host level. The Common Name must be the same as the Web address you will be accessing when connecting to a secure site. For example, a SSL Server Certificate for the domain "domain.com" will receive a warning if accessing a site named "www.domain.com" or "secure.domain.com", as "www.domain.com" and "secure.domain.com" are different from "domain.com". You would need to create a CSR for the correct Common Name. When the Certificate will be used on an Intranet (or internal network), the Common Name may be one word, and it can also be the name of the server.

Vote Up Vote Down