For an international domain name with non-ASCII characters, what goes into the CSR's CN field?

As I came across the same problem I did some research and found the following:

Common name in the CSR code needs to be of a certain format. General requirements are latin alphanumeric characters and no special symbols like ! @ # $ % ^ ( ) ~ ? > < & / \ , . " ' _ More peculiarities are described here for your reference. IDN (International Domain Names) common names should be first converted into the punycode, and then indicated in the CSR.

Source: http://helpdesk.ssls.com/hc/en-us/articles/204299792-How-to-make-sure-domain-is-correct-in-the-CSR-

Step 1: Convert your International Domain Name (IDN)

Using the IDN Conversion Tool, convert your International Domain Name (IDN) into ASCII characters

Source: https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=INFO3118

Though I didn't see any explicit mentioning, my guess is if your browser supports IDN Domains for URLs, the certficates should work as well.

;TLDR - use the ascii encoded domain like: xn--cjs.com