[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] verifying ns cert type?

  • Subject: Re: [Openvpn-users] verifying ns cert type?
  • From: "Dave" <dmehler26@xxxxxxxxxx>
  • Date: Tue, 5 Feb 2008 06:45:04 -0500

    Thanks for your reply. I've confirmed that my key does not have the ns 
cert type on it, it was made and setup by another. I'd like to correct this, 
do i have to issue a .crl or just remake the key?

----- Original Message ----- 
From: "Jan Just Keijser" <janjust@xxxxxxxxx>
To: "Dave" <dmehler26@xxxxxxxxxx>
Cc: <openvpn-users@xxxxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, February 05, 2008 5:34 AM
Subject: Re: [Openvpn-users] verifying ns cert type?

> do a
>  openssl x509 -text -noout -in <your-server-cert>
> and look at the X509v3 extensions section; for a 'Netscape Server' I get
>        X509v3 extensions:
>            X509v3 Basic Constraints:
>            CA:FALSE
>            Netscape Cert Type:
>            SSL Server
>            Netscape Comment:
>            OpenSSL Generated Server Certificate
>            X509v3 Subject Key Identifier:
>            ...
>            X509v3 Authority Key Identifier:
>            ...
>            X509v3 Extended Key Usage:
>            TLS Web Server Authentication
>            X509v3 Key Usage:
>            Digital Signature, Key Encipherment
> HTH,
> Dave wrote:
>> Hello,
>>     I've got an openvpn server that i have to manage. One thing i want to 
>> do is set all clients to verify the server certificate. I do not know if 
>> the server's certificate was generated with it's ns cert type set to 
>> server, i've now set the openssl config file to generate all future keys 
>> set to server. I'd rather not regenerate and redistribute this key unless 
>> i have to, is there a way i can check the existing server keys to see 
>> what their ns cert value is?

Openvpn-users mailing list