Confirmed on production version on M$ windows.
regarding>> I am in search of more information.
This issue is confirmed.
I am not able to generate a request with a null character prefix CN using Microsoft's CAPI (via CertEnroll API),
Unfortunately I am able to reproduce this quite easily by creating a certificate with other widely used crypto API's.
When I view the cert which I generated in a recent supported version of windows I can confirm the issue is still present.
"Crypto Shell Extentions" which uses MS CAPI API's allows me to see the certificate's subject as only the portion before the null.
In my opinion CAPI's handing of directory strings using CString V.S. AS1 DERPrintableString is broken.
While CAPI is smart enought to not let us generate a signing request with broken RDN components, certificate subject validation + display is indeed broken.
This is not good.
~Gordo