On Wednesday 15 March 2006 19:11, Ives Steglich wrote: > Buchan Milne wrote: > > However, according to the OpenVPN docs > > (http://openvpn.net/howto.html#mitm) - which I consulted after getting a > > message such as "invalid purpose" from OpenVPN - I need: > > > > nsCertType = server > > keyUsage = nonRepudiation, digitalSignature, keyEncipherment, > > keyAgreement extendedKeyUsage = serverAuth > > Well then change it for your needs - the vpn extension template isn't > specifically for openvpn, its just an starting point for a vpn-server, > like the other role-templates and there openssl-config-templates too. >
Well, the link above says: "The RFC3280 determine that the following attributes should be provided for TLS connections: Mode Key usage Extended key usage Client digitalSignature,keyAgreement TLS Web Client Authentication Server digitalSignature,keyEncipherment,keyAgreement TLS Web Server Authentication " So, I don't think this is specific to OpenVPN. Regards, Buchan -- Buchan Milne ISP Systems Specialist B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)
pgpfj9SplVPaX.pgp
Description: PGP signature
