03 Troubleshooting
Client, Server
Certificates containing extended characters
When performing the action "Add Internet Cert To Selected People" in the Domino Directory, Internet certificates are created with the ASN1 encoding of the x.509 certificate as follows:
1. Printable
2. IA5
3. Latin-1
4. BMP (form of Unicode).
However, please note that a NOTES.INI setting allows the user to default to UTF8 instead of BMP.
If the user has extended characters (not Printable, not IA5, and not Latin-1) in its user name then the X.509 certificate, created by the above action, includes BMP-labeled (or UTF8-labeled) strings. When a Netscape user tries to open signed mail sent by such a user with BMP or UTF8 strings in its certificate, Netscape crashes. (NOTE: This was corrected in R5.0.1)
When creating certificates and certificate requests for key ring files, or when creating certificates from Web client certificate requests via the Domino Certificate Authority, Domino encodes distinguished name character strings via the following procedure:
If the string contains only ASN1 printable characters: encoded as a DER printable string
If the string contains only US-ASCII characters: encoded as a IA5 string
If the string contains non-US-ASCII characters: encoded as a T.61string using Latin-1 character set
To change how non-US-ASCII strings are encoded use the NOTES.INI setting, IntlDERStringEncodeType as follows. (This should be set on both the Domino server and the Notes client that hosts the Domino Certificate Authority application and the Domino Certificate Administration application.):
IntlDERStringEncodeType=1 Encode non-US-ASCII strings as UTF8
IntlDERStringEncodeType=2 Encode non-US-ASCII strings as BMP
Topics