Have you ever crafted a CSR and set the attributes, but found the attribute where unreadable when using openssl or one of the many CSR/CERT checkers?
The problem could be the string_mask.
Here's the manpage for openssl req
Now let's look at how we can set the string mask in our ssl config file
Now with the cli cmd openssl req -in <csrname> -noout -text the attribute strings are readable
kfelix @ socpuppets.com
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
=( @ @ )=