PacketFence PKI: Common name issue #8605

Open
lzammit opened this issue Mar 27, 2025 · 0 comments · May be fixed by #8606


lzammit commented Mar 27, 2025

I can't put numbers in the common name when creating a certificate.

Image

But when I add a letter:

Image

where ub-common-name is 64. The last three encodings allow the use of all [Unicode](http://www.unicode.org/) code points (using UTF-16 for code points beyond 0xFFFF with bmpString); UTF-8 is the preferred encoding (at least the standards say so).

As far as X.509 is concerned (see [RFC 5280](https://www.rfc-editor.org/rfc/rfc5280)), the contents of DN elements are irrelevant beyond equality comparisons; which means that you can put whatever sequence of characters you wish, as long as you do so consistently. RFC 5280 mandates case-insensitive comparisons for UTF-8 encoded name elements, and this is not easy in the general context of Unicode: see section 7.1, which links to RFC [4518](https://www.rfc-editor.org/rfc/rfc4518) and [3454](https://www.rfc-editor.org/rfc/rfc3454). Also, the "common name" is frequently displayed to the user (at least on systems using X.509 certificates which have a display and a physical user), so you probably want to use a string which is meaningful or at least not too scary for a human, and you may try to avoid non-Latin scripts.

Putting a DNS name in the "common name" attribute is common practice for HTTPS server certificates: see [RFC 2818](https://www.rfc-editor.org/rfc/rfc2818) (the server certificate contains the server name, which the client matches against the server name in the URL; normally, the Subject Alt Name extension is preferred for that, but the common name is somewhat more widely supported by clients).

https://stackoverflow.com/questions/5136198/what-strings-are-allowed-in-the-common-name-attribute-in-an-x-509-certificate

@lzammit lzammit added this to the +1 (patch release) milestone Mar 27, 2025
@jrouzierinverse jrouzierinverse linked a pull request Mar 27, 2025 that will close this issue
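
The constraint quoted in the issue above (ub-common-name is 64, UTF-8 allowed), as an added example that is not PacketFence's own code: a hypothetical `ValidateCommonName` that accepts digit-only names, counts the bound in characters rather than bytes, and reports whether PrintableString is enough. Rejecting control characters is an assumed local policy here, not an RFC 5280 rule.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"unicode"
	"unicode/utf8"
)

// ubCommonName is the RFC 5280 upper bound on commonName, counted in characters.
const ubCommonName = 64

// printableExtra holds the non-alphanumeric characters PrintableString permits.
const printableExtra = " '()+,-./:=?"

// ValidateCommonName (hypothetical helper) checks a CN and reports which
// DirectoryString encoding can carry it: "PrintableString" or "UTF8String".
func ValidateCommonName(cn string) (string, error) {
	if !utf8.ValidString(cn) {
		return "", errors.New("common name is not valid UTF-8")
	}
	n := utf8.RuneCountInString(cn) // characters, not bytes
	if n < 1 || n > ubCommonName {
		return "", fmt.Errorf("common name must be 1..%d characters, got %d", ubCommonName, n)
	}
	encoding := "PrintableString"
	for _, r := range cn {
		switch {
		case unicode.IsControl(r): // assumed policy: no control characters
			return "", fmt.Errorf("control character %U not allowed", r)
		case r >= 'a' && r <= 'z', r >= 'A' && r <= 'Z', r >= '0' && r <= '9':
			// Letters and digits are all PrintableString; digits-only is valid.
		case strings.ContainsRune(printableExtra, r):
		default:
			encoding = "UTF8String" // outside PrintableString, still a legal CN
		}
	}
	return encoding, nil
}

func main() {
	// Constructed sample inputs.
	for _, cn := range []string{"12345", "host1.example.com", "café", ""} {
		enc, err := ValidateCommonName(cn)
		fmt.Printf("%q -> %q %v\n", cn, enc, err)
	}
}
```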