utf 8 - How to create CSR with utf8 subject in openssl? -

i trying generate certificate signing request utf-8 subject.

$ openssl req  -utf8 -nodes -newkey rsa:2048 -keyout my.private_key.pem -out my.csr.pem -text generating 2048 bit rsa private key ......................................................................................................................................................................+++ ......+++ writing new private key 'my.private_key.pem' ----- asked enter information incorporated certificate request. enter called distinguished name or dn. there quite few fields can leave blank fields there default value, if enter '.', field left blank. ----- country name (2 letter code) [pl]: state or province name (full name) []:zażółć gęślą jaźń problems making certificate request 12376:error:0d07a07c:asn1 encoding routines:asn1_mbstring_ncopy:illegal characters:a_mbstr.c:162: 

terminal encoding utf-8, same problem when use command line subject (...) -subj /c=pl/st=zażółć\ gęślą\ jaźń/o=my-company/cn=thisismeforsure

when skip -utf8 switch, csr generated non-ascii characters replaced hex notation (eg ó becomes \xc3\xb3). such csr cannot read php (openss_x509_parse) - original ó read 4 bytes, representing 2 weird characters...

what doing wrong?

i've been successful command

openssl req -new -utf8 -nameopt multiline,utf8 -config example.com.cnf -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr 

where example.com.cnf configuration file in utf-8:

[req] prompt = no distinguished_name = dn req_extensions = ext  [dn] cn = Описание сайта                # site description emailaddress = envek@envek.name o = Моя компания                   # company ou = Моё подразделение             # dept l = Москва                         # moscow c = ru  [ext] subjectaltname = dns:example.com,dns:*.example.com 

displayed correctly in chrome, firefox, , safari.