Hi Thomas, after looking at the code I can confirm that we just did not implement nyCertType=server. As Martin already answered this extension is a bit outdated and should not be used, but if you really need it, I compiled a patch to add support for it:
https://github.com/openxpki/openxpki/commit/6000eff331ab7086b3822ba9f599f7d38a9bed10 Oliver Am 18.05.2014 14:39, schrieb Thomas Stähle: > Hi all, > > is it possible to set the value server for the extension nsCertType? > > For OpenVPN server certificates it is recommended to set nsCertType = > server to avoid misuse e.g. MITM attacks. > > In the profile sample file and in the code in > /OpenXPKI/Crypto/Backend/OpenSSL/Config.pm it seems not to be possible > to set it as server but I am able to set every other value for > nsCertType like client, email, sslCA but not server. > > Is there any reason for this? > > References: > * https://www.openssl.org/docs/apps/x509v3_config.html > * > http://openvpn.net/index.php/open-source/documentation/miscellaneous/77-rsa-key-management.html > > regards, > Thomas > > > ------------------------------------------------------------------------------ > "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE > Instantly run your Selenium tests across 300+ browser/OS combos. > Get unparalleled scalability from the best Selenium testing platform available > Simple to use. Nothing to install. Get started now for free." > http://p.sf.net/sfu/SauceLabs > > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users > -- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
