[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] verifying ns cert type?

  • Subject: Re: [Openvpn-users] verifying ns cert type?
  • From: Jan Just Keijser <janjust@xxxxxxxxx>
  • Date: Tue, 05 Feb 2008 11:34:57 +0100

do a
  openssl x509 -text -noout -in <your-server-cert>
and look at the X509v3 extensions section; for a 'Netscape Server' I get

        X509v3 extensions:
            X509v3 Basic Constraints:
            Netscape Cert Type:
            SSL Server
            Netscape Comment:
            OpenSSL Generated Server Certificate
            X509v3 Subject Key Identifier:
            X509v3 Authority Key Identifier:
            X509v3 Extended Key Usage:
            TLS Web Server Authentication
            X509v3 Key Usage:
            Digital Signature, Key Encipherment



Dave wrote:
> Hello,
>     I've got an openvpn server that i have to manage. One thing i want to do 
> is set all clients to verify the server certificate. I do not know if the 
> server's certificate was generated with it's ns cert type set to server, 
> i've now set the openssl config file to generate all future keys set to 
> server. I'd rather not regenerate and redistribute this key unless i have 
> to, is there a way i can check the existing server keys to see what their ns 
> cert value is?

Openvpn-users mailing list