# (C) 2005 by Julia Dubenskaya
# and Sergei Vyshenski
# for OpenCA project.
# This document can be modified and redistributed along the terms
# of the GNU Free Documentation License 1.2 (or newer)
# You can obtain a copy at http://www.gnu.org/licenses/fdl.txt

This text gives the main guidelines for switching on support for the UTF8
string format of names in requests and certificates processed by OpenCA
release 0.9.2.3. By default, the old-style behavior of OpenCA, with a strict
check for the LATIN1 character set in reqs and certs, is preserved.

- The distributed version of the config.xml file has a new option
  'cert_chars' with an empty value. It can be set to one of the values
  { UTF8 | LATIN1 }. If this option is absent or empty, the old LATIN1 mode
  is implied.

- Options related to utf8 are set or removed in the OpenSSL config files by a
  simple addendum to the configure_etc.sh script, which follows the above
  config.xml setting.

- All configuration changes UTF8 <---> LATIN1 are accumulated and centralized
  in the file config.xml, which is read by configure_etc.sh. This change is
  reversible (bi-directional), does not require re-installation of OpenCA,
  and ensures overall correctness and self-consistency of the multiple
  configuration files.

- At present we leave outside the scope of UTF8 support:
  1) utf8-related configuration of the database (but please see our howtos:
     OpenCA_PostgreSQL_UTF8.txt and OpenCA_MySQL_UTF8.txt contributed to the
     doc area),
  2) solving issues with non-utf8 encoded menus seen by the user (and we
     still have non-utf8 translations of the menu system in release
     0.9.2.3), with the necessity of filling in forms in utf8 as X509 wants.

==============================================================================

TO SWITCH ON AND OFF UTF8 SUPPORT

You should:

1) install OpenSSL-0.9.8 or later,
2) re-configure and re-install your OpenCA (release 0.9.2.3) from sources at
   least once, as the OpenCA guide recommends,
3) in particular, configure your OpenCA so that it uses the above-mentioned
   version of OpenSSL.
4) If you need to store your UTF8-ized reqs or certs in PostgreSQL or MySQL
   databases, please refer to our texts OpenCA_PostgreSQL_UTF8.txt and
   OpenCA_MySQL_UTF8.txt (contributed to the doc area of the OpenCA cvs).

After that you can change the UTF8 <---> LATIN1 format of strings allowed for
names in reqs and certs as follows:

1) change the value of the 'cert_chars' option (UTF8 <---> LATIN1) in the
   config.xml file;
2) edit the values of the options 'default_language' and 'default_charset' in
   the config.xml file to describe which user interface you prefer;
3) re-run the script configure_etc.sh and
4) restart the ra and/or ca server.

=====================================================

5.8.2005
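
Added example (not part of the original howto and not OpenCA code): a pre-flight check to run before configure_etc.sh. It resolves the effective 'cert_chars' mode with the "absent or empty means LATIN1" rule and tests the OpenSSL 0.9.8 minimum. The function names are hypothetical, and the <option>/<name>/<value> layout of config.xml is an assumption, so adjust the patterns to match your file.

```shell
#!/bin/sh
# Added example, not OpenCA code. ASSUMPTION: config.xml stores each option as
#   <option> <name>NAME</name> <value>VALUE</value> </option>

# Print the raw cert_chars value; prints nothing if the option is absent or empty.
cert_chars_raw() {
    awk '
        /<name>[ \t]*cert_chars[ \t]*<\/name>/ { found = 1 }
        found && /<value>/ {
            v = $0
            sub(/.*<value>[ \t]*/, "", v); sub(/[ \t]*<\/value>.*/, "", v)
            print v; exit
        }
        found && /<\/option>/ { exit }
    ' "$1"
}

# Rule from the text: absent or empty means LATIN1; only UTF8 and LATIN1 are valid.
effective_cert_chars() {
    raw=$(cert_chars_raw "$1") || return 2
    case "$raw" in
        "")          echo LATIN1 ;;
        UTF8|LATIN1) echo "$raw" ;;
        *)           echo "invalid cert_chars value: $raw" >&2; return 1 ;;
    esac
}

# Step 1: OpenSSL 0.9.8 or later. Takes the line printed by `openssl version`.
openssl_new_enough() {
    ver=$(printf '%s\n' "$1" | awk '{ print $2 }' | sed 's/[^0-9.].*$//')
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    [ $(( ${1:-0} * 10000 + ${2:-0} * 100 + ${3:-0} )) -ge 908 ]
}

# Constructed sample config.xml fragment (not taken from an OpenCA release).
write_sample() {
    printf '<openca>\n <option>\n  <name>cert_chars</name>\n  <value>%s</value>\n </option>\n</openca>\n' "$2" > "$1"
}

sample=$(mktemp)
write_sample "$sample" UTF8
echo "cert_chars mode: $(effective_cert_chars "$sample")"
openssl_new_enough "OpenSSL 0.9.7d 17 Mar 2004" || echo "OpenSSL too old for UTF8 mode"
rm -f "$sample"
```

On a real installation, pass the path of your config.xml to effective_cert_chars and the output of `openssl version` to openssl_new_enough.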