Hi Christian, I'm afraid this patch is incorrect. In particular, - chars = CertRDNValueToStrA( - rdn->rgRDNAttr[j].dwValueType, - &rdn->rgRDNAttr[j].Value, psz ? psz + ret : NULL, - psz ? csz - ret : 0); + if ((dwStrType & 0x000000ff) == CERT_X500_NAME_STR) + chars = quote_string_a( + rdn->rgRDNAttr[j].dwValueType, + &rdn->rgRDNAttr[j].Value, psz ? psz + ret : NULL, + psz ? csz - ret : 0); + else + chars = CertRDNValueToStrA( + rdn->rgRDNAttr[j].dwValueType, + &rdn->rgRDNAttr[j].Value, psz ? psz + ret : NULL, + psz ? csz - ret : 0); This change (and the corresponding one to CertNameToStrW) is incorrect. I tested a couple of strings with CERT_SIMPLE_NAME_STR, and they are also quoted. I can try to take these over if you like, or you can continue to work on them. Let me know what you prefer. --Juan