[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] verifying ns cert type?

  • Subject: Re: [Openvpn-users] verifying ns cert type?
  • From: Jan Just Keijser <janjust@xxxxxxxxx>
  • Date: Tue, 05 Feb 2008 12:52:17 +0100

Hi Dave,

no need to revoke the server key, as you're in control of the server.  
Simply generate a new server key and restart openvpn.



Dave wrote:
> Hi,
>    Thanks for your reply. I've confirmed that my key does not have the 
> ns cert type on it, it was made and setup by another. I'd like to 
> correct this, do i have to issue a .crl or just remake the key?
> Thanks.
> Dave.
> ----- Original Message ----- From: "Jan Just Keijser" <janjust@xxxxxxxxx>
> To: "Dave" <dmehler26@xxxxxxxxxx>
> Cc: <openvpn-users@xxxxxxxxxxxxxxxxxxxxx>
> Sent: Tuesday, February 05, 2008 5:34 AM
> Subject: Re: [Openvpn-users] verifying ns cert type?
>> do a
>>  openssl x509 -text -noout -in <your-server-cert>
>> and look at the X509v3 extensions section; for a 'Netscape Server' I get
>>        X509v3 extensions:
>>            X509v3 Basic Constraints:
>>            CA:FALSE
>>            Netscape Cert Type:
>>            SSL Server
>>            Netscape Comment:
>>            OpenSSL Generated Server Certificate
>>            X509v3 Subject Key Identifier:
>>            ...
>>            X509v3 Authority Key Identifier:
>>            ...
>>            X509v3 Extended Key Usage:
>>            TLS Web Server Authentication
>>            X509v3 Key Usage:
>>            Digital Signature, Key Encipherment
>> HTH,
>> JJK
>> Dave wrote:
>>> Hello,
>>>     I've got an openvpn server that i have to manage. One thing i 
>>> want to do is set all clients to verify the server certificate. I do 
>>> not know if the server's certificate was generated with it's ns cert 
>>> type set to server, i've now set the openssl config file to generate 
>>> all future keys set to server. I'd rather not regenerate and 
>>> redistribute this key unless i have to, is there a way i can check 
>>> the existing server keys to see what their ns cert value is?

Openvpn-users mailing list