Buchan Milne wrote: > However, according to the OpenVPN docs (http://openvpn.net/howto.html#mitm) - > which I consulted after getting a message such as "invalid purpose" from > OpenVPN - I need:
> nsCertType = server > keyUsage = nonRepudiation, digitalSignature, keyEncipherment, keyAgreement > extendedKeyUsage = serverAuth Well then change it for your needs - the vpn extension template isn't specifically for openvpn, its just an starting point for a vpn-server, like the other role-templates and there openssl-config-templates too. Extensions and other things should be defined in a policy outside the pki and thus the pki-software has to be configured depending on those definements in such an policy which is usually depending on organizational needs and the environment the pki gets deployed for. greetings dalini ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
