diff --git a/pkg/tlsx/clients/utils.go b/pkg/tlsx/clients/utils.go
index dd9bbc2b..429190d5 100644
--- a/pkg/tlsx/clients/utils.go
+++ b/pkg/tlsx/clients/utils.go
@@ -9,14 +9,17 @@ import (
 "net"
 "strings"
 "time"
-
+ "unicode/utf8"
 "github.com/projectdiscovery/utils/errkit"
 iputil "github.com/projectdiscovery/utils/ip"
 mapsutil "github.com/projectdiscovery/utils/maps"
 )
-
 func Convertx509toResponse(options *Options, hostname string, cert *x509.Certificate, showcert bool) *CertificateResponse {
- domainNames := []string{cert.Subject.CommonName}
+subjectCN := sanitizeCN(cert.Subject.CommonName)
+ issuerCN := sanitizeCN(cert.Issuer.CommonName)
+
+
+ domainNames := []string{subjectCN}
 domainNames = append(domainNames, cert.DNSNames...)
 response := &CertificateResponse{
 SubjectAN: cert.DNSNames,
@@ -28,9 +31,9 @@ func Convertx509toResponse(options *Options, hostname string, cert *x509.Certifi
 MisMatched: IsMisMatchedCert(hostname, domainNames),
 Revoked: IsTLSRevoked(options, cert),
 WildCardCert: IsWildCardCert(domainNames),
- IssuerCN: cert.Issuer.CommonName,
+ IssuerCN: issuerCN,
 IssuerOrg: cert.Issuer.Organization,
- SubjectCN: cert.Subject.CommonName,
+ SubjectCN: subjectCN,
 SubjectOrg: cert.Subject.Organization,
 FingerprintHash: CertificateResponseFingerprintHash{
 MD5: MD5Fingerprint(cert.Raw),
@@ -153,3 +156,20 @@ func IsClientCertRequiredError(err error) bool {
 }
 return false
 }
+func sanitizeCN(s string) string {
+ var b strings.Builder
+ b.Grow(256 * utf8.UTFMax)
+ count := 0
+ for len(s)>0 && count<256 {
+ r, size := utf8.DecodeRuneInString(s)
+ if r == utf8.RuneError && size == 1 {
+ s = s[1:]
+ continue
+ }
+ b.WriteRune(r)
+ s = s[size:]
+ count++
+ }
+
+ return b.String()
+}
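Review bot: `domainNames` is now seeded with the cleaned CN, and that slice is what `IsMisMatchedCert` and `IsWildCardCert` receive in the next hunk, so both verdicts are computed on a string the certificate does not literally contain. Because `sanitizeCN` deletes invalid bytes and truncates at 256 runes, a CN that differs from the hostname only by such bytes could compare as equal after cleaning (inferred from the helper's loop; the two matchers are outside this diff). Keep the raw value for the comparison, `domainNames := []string{cert.Subject.CommonName}`, and reserve `subjectCN` for the `SubjectCN` output field. The new `subjectCN` line is also unindented and followed by two blank lines, and the blank separator between the stdlib and third-party imports was dropped; gofmt/goimports would fix both. The function body continues outside the hunk.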
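Review bot: Only the two CN fields are routed through `sanitizeCN`; `IssuerOrg` and `SubjectOrg` in this literal, and `SubjectAN: cert.DNSNames` in the first hunk, are still copied verbatim from the same peer-supplied certificate. If the aim is to keep malformed or oversized certificate strings out of the response (an assumption, since the commit message is not shown), those slices need the same treatment, for example by mapping each element through the helper before assignment. The struct literal starts and ends outside this hunk, so other string fields may be affected as well.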
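Review bot: `sanitizeCN` writes every validly encoded rune, so control characters such as newline, NUL or ESC in a CN still reach the output; if the helper is meant to make certificate text safe for terminals and line-oriented logs, add `if unicode.IsControl(r) { s = s[size:]; continue }` before `b.WriteRune(r)` (this needs the `unicode` import). The function has no doc comment and the limit appears twice as a bare `256`; a `const maxCNRunes = 256` together with `// sanitizeCN drops invalid UTF-8 bytes from s and keeps at most maxCNRunes runes.` would state the contract. `b.Grow(256 * utf8.UTFMax)` reserves 1 KiB on every call even for short names, and the output can never exceed `len(s)` bytes, so the reservation should be bounded by that. The block is also not gofmt-clean (`len(s)>0 && count<256`, no blank line before `func`).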