From: Ives S. <da...@da...> - 2006-03-15 17:08:03
|
Buchan Milne wrote: > However, according to the OpenVPN docs (http://openvpn.net/howto.html#mitm) - > which I consulted after getting a message such as "invalid purpose" from > OpenVPN - I need: > nsCertType = server > keyUsage = nonRepudiation, digitalSignature, keyEncipherment, keyAgreement > extendedKeyUsage = serverAuth Well then change it for your needs - the vpn extension template isn't specifically for openvpn, its just an starting point for a vpn-server, like the other role-templates and there openssl-config-templates too. Extensions and other things should be defined in a policy outside the pki and thus the pki-software has to be configured depending on those definements in such an policy which is usually depending on organizational needs and the environment the pki gets deployed for. greetings dalini |