KB Article #178831
Governance CA and Business CA certificates should not be generated with UTF8String
Problem
Registration issue when the Governance CA and Business CA certificates are generated with UTF8String
When using openssl, certificates are created with UTF8String encoding, which the RFC has recommended since 2003.
o https://tools.ietf.org/html/rfc4630#section-3
o In Section 4.1.2.4, RFC 3280 says:
The DirectoryString type is defined as a choice of
PrintableString, TeletexString, BMPString, UTF8String, and
UniversalString. The UTF8String encoding [RFC 2279] is the
preferred encoding, and all certificates issued after December 31,
2003 MUST use the UTF8String encoding of DirectoryString (except
as noted below). Until that date, conforming CAs MUST choose from
the following options when creating a distinguished name,
including their own:
(a) if the character set is sufficient, the string MAY be
represented as a PrintableString;
(b) failing (a), if the BMPString character set is sufficient
the string MAY be represented as a BMPString; and
(c) failing (a) and (b), the string MUST be represented as a
UTF8String. If (a) or (b) is satisfied, the CA MAY still
choose to represent the string as a UTF8String.
However, Java does not support it yet, and so neither does our product.
Resolution
Use PrintableString instead of UTF8String.
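To confirm which encoding a CA certificate actually uses before registering it, the following added example (not part of the original article or of the product) walks a DER-encoded certificate and reports the ASN.1 string type of each issuer and subject attribute. The function names and the sample bytes are constructed for illustration; the sample is a certificate skeleton that stops after the subject field, not a real signed certificate.

```python
# Illustrative helper names; only the Python standard library is used.
STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString", 0x14: "TeletexString",
               0x1C: "UniversalString", 0x1E: "BMPString"}
ATTRS = {b"\x55\x04\x03": "CN", b"\x55\x04\x06": "C",
         b"\x55\x04\x0a": "O", b"\x55\x04\x0b": "OU"}

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(content):                      # split constructed content into (tag, content)
    pos, out = 0, []
    while pos < len(content):
        tag, val, pos = read_tlv(content, pos)
        out.append((tag, val))
    return out

def dn_string_types(cert_der):
    """Return [(field, attribute, string_type)] for the issuer and subject names."""
    tbs = children(children(read_tlv(cert_der, 0)[1])[0][1])
    if tbs[0][0] == 0xA0:                   # skip the explicit [0] version of v2/v3 certs
        tbs = tbs[1:]
    found = []
    for field, (_, name) in (("issuer", tbs[2]), ("subject", tbs[4])):
        for _, rdn in children(name):       # Name -> RDN (SET) -> AttributeTypeAndValue
            for _, atv in children(rdn):
                (_, oid), (vtag, _) = children(atv)
                found.append((field, ATTRS.get(oid, oid.hex()), STRING_TAGS.get(vtag, hex(vtag))))
    return found

def tlv(tag, *parts):                       # fixture helper: short-form lengths only
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def make_name(cn, string_tag):              # fixture helper: a Name with a single CN
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03"), tlv(string_tag, cn))))

# Constructed skeleton (not a valid signed certificate): fields up to subject only.
SAMPLE = tlv(0x30, tlv(0x30, tlv(0xA0, b"\x02\x01\x02"), b"\x02\x01\x01", tlv(0x30),
                       make_name(b"Governance CA", 0x0C), tlv(0x30), make_name(b"Business CA", 0x13)))

if __name__ == "__main__":
    print(dn_string_types(SAMPLE))
```

The function expects DER bytes, so a PEM certificate has to be converted to DER first. Any attribute reported as UTF8String is one the resolution above asks to be reissued as PrintableString.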