|
|
do a
openssl x509 -text -noout -in <your-server-cert>
and look at the X509v3 extensions section; for a 'Netscape Server' I get
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
OpenSSL Generated Server Certificate
X509v3 Subject Key Identifier:
...
X509v3 Authority Key Identifier:
...
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
HTH,
JJK
Dave wrote:
> Hello,
> I've got an openvpn server that i have to manage. One thing i want to do
> is set all clients to verify the server certificate. I do not know if the
> server's certificate was generated with it's ns cert type set to server,
> i've now set the openssl config file to generate all future keys set to
> server. I'd rather not regenerate and redistribute this key unless i have
> to, is there a way i can check the existing server keys to see what their ns
> cert value is?
>
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
|