It turns out that the number of standard ways the fields in a DN should be encoded into their ASN.1 counterparts is rapidly approaching the number of machines on the internet. By default the X509Name class will produce UTF8Strings in line with the current recommendations (RFC 3280).
An example of an encoder look like below:
public class X509DirEntryConverter extends X509NameEntryConverter { public ASN1Primitive getConvertedValue( ASN1ObjectIdentifier oid, String value) { if (str.length() != 0 && str.charAt(0) == '#') { return convertHexEncoded(str, 1); } if (oid.equals(EmailAddress)) { return new DERIA5String(str); } else if (canBePrintable(str)) { return new DERPrintableString(str); } else if (canBeUTF8(str)) { return new DERUTF8String(str); } else { return new DERBMPString(str); } } }