Hello,
I have been trying to figure out how to add the nsCertType=server extension
for certificates I am giving to my openvpn servers.
I have a [ req ] section of my openssl.cnf file, which I have some options
set in, and I also have a
[ server ] sections which has only one line: nsCertType = ser
Hi Derek,
Derek Cole wrote:
> Hello,
>
> I have been trying to figure out how to add the nsCertType=server
> extension for certificates I am giving to my openvpn servers.
>
> I have a [ req ] section of my openssl.cnf file, which I have some
> options set in, and I also have a
> [ server ] secti
In ssl-admin, we have
nsCertType = server
extendedKeyUsage = serverAuth
And I run the following OpenSSL command:
openssl req -extensions server -new -keyout foo.key -out foo.csr -config
/path/to/openssl.cnf -batch
If you don't want an encrypted cert, add -nodes to the command line.
In easy-
Well, unfortunately I have a requirement to use the Windows server 2008
certificate authority role. I have never used it before, so I am not
exactly sure what I am doing. Is the nsCertType=server something that has
to also be applied to the certificate authority? I did just realize that I
think on
Derek Cole wrote:
> Well, unfortunately I have a requirement to use the Windows server
> 2008 certificate authority role. I have never used it before, so I am
> not exactly sure what I am doing. Is the nsCertType=server something
> that has to also be applied to the certificate authority? I did
Oh I see. I am using the windows certificate authority to sign the
certificate. This sounds like maybe I need to rebuild that CA with some
options to issue as a server? I thought that it was the requesting party
that could specify what kind of certificate they wanted.
On Wed, Aug 20, 2014 at 11:2
I omitted the ssl-admin signing command line:
openssl ca -config /path/to/openssl.cnf -extension server -day -out
foo.crt -in foo.csr -batch
-
Eric F Crist
On Aug 20, 2014, at 10:23:02, Eric Crist wrote:
> In ssl-admin, we have
>
> nsCertType = server
> extendedKeyUsage = serverAuth
>
Derek Cole wrote:
> Oh I see. I am using the windows certificate authority to sign the
> certificate. This sounds like maybe I need to rebuild that CA with some
> options to issue as a server? I thought that it was the requesting party
> that could specify what kind of certificate they wanted.
A
Great - thakns for the information. I had come across that nsCertType
deprecation and spent the afternoon implementing the remote-cert-tls
directive. So far I was able to issue certificates that are either client
or server, with the right attributes. Am I correct in understanding you
that if I isse
Hi there
I simply can't get it to work. I have openvpn-2.3.4 client for Win7
talking to a CentOS-6 openvpn-2.3.2 server and "push-peer-info" is set
in the client. However, even though I have both tls-verify and
client-connect set to scripts on the server, which contain "set >
/tmp/file" to dump en
10 matches
Mail list logo
