Hello,
I have been trying to figure out how to add the nsCertType=server extension
for certificates I am giving to my openvpn servers.
I have a [ req ] section of my openssl.cnf file, which I have some options
set in, and I also have a
[ server ] section which has only one line: nsCertType =
Hi Derek,
Derek Cole wrote:
Hello,
I have been trying to figure out how to add the nsCertType=server
extension for certificates I am giving to my openvpn servers.
I have a [ req ] section of my openssl.cnf file, which I have some
options set in, and I also have a
[ server ] section
In ssl-admin, we have
nsCertType = server
extendedKeyUsage = serverAuth
And I run the following OpenSSL command:
openssl req -extensions server -new -keyout foo.key -out foo.csr -config /path/to/openssl.cnf -batch
If you don't want an encrypted cert, add -nodes to the command line.
In
Derek Cole wrote:
Well, unfortunately I have a requirement to use the Windows Server
2008 certificate authority role. I have never used it before, so I am
not exactly sure what I am doing. Is the nsCertType=server something
that has to also be applied to the certificate authority? I did
Oh I see. I am using the Windows certificate authority to sign the
certificate. This sounds like maybe I need to rebuild that CA with some
options to issue as a server? I thought that it was the requesting party
that could specify what kind of certificate they wanted.
On Wed, Aug 20, 2014 at
Derek Cole wrote:
Oh I see. I am using the Windows certificate authority to sign the
certificate. This sounds like maybe I need to rebuild that CA with some
options to issue as a server? I thought that it was the requesting party
that could specify what kind of certificate they wanted.
A
Great - thanks for the information. I had come across that nsCertType
deprecation and spent the afternoon implementing the remote-cert-tls
directive. So far I was able to issue certificates that are either client
or server, with the right attributes. Am I correct in understanding you
that if I
Hi there
I simply can't get it to work. I have openvpn-2.3.4 client for Win7
talking to a CentOS-6 openvpn-2.3.2 server and push-peer-info is set
in the client. However, even though I have both tls-verify and
client-connect set to scripts on the server, which contain set
/tmp/file to dump