Show Posts
1
19.7 Legacy Series / certificate SSLVPN Server Certificate is not intended for server use
« on: September 08, 2019, 10:51:43 pm »
Running a new install of OPNsense 19.7.3-amd64 and trying to set-up a VPN according to: https://wiki.opnsense.org/manual/how-tos/sslvpn_client.html
I'm currently stuck in "Step 1 - Add SSL Server"
When I try to save the VPN: OpenVPN: Servers I get the error:
Looked around the web and found one potential solution: https://forum.opnsense.org/index.php?PHPSESSID=pitp0m0i3gpuvgbbds51rh35g2&topic=12092.0
However, this does not seem to work for me.
The solution listed there is to make sure
In my case they are.
Note this is by default.
X509 settings are set by default and not tuneable in the web GUI.
Just in case, here is the part of that part of the certificate:
Any other ideas how to solve this issue?
I'm currently stuck in "Step 1 - Add SSL Server"
When I try to save the VPN: OpenVPN: Servers I get the error:
Code: [Select]
The following input errors were detected:
• certificate SSLVPN Server Certificate is not intended for server useLooked around the web and found one potential solution: https://forum.opnsense.org/index.php?PHPSESSID=pitp0m0i3gpuvgbbds51rh35g2&topic=12092.0
However, this does not seem to work for me.
The solution listed there is to make sure
Quote
'X509v3 key usage' and 'X509v3 Extended key usage' optionsare set.
In my case they are.
Note this is by default.
X509 settings are set by default and not tuneable in the web GUI.
Just in case, here is the part of that part of the certificate:
Code: [Select]
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
XXXXXX
X509v3 Authority Key Identifier:
keyid: XXXXXXX
serial:00
X509v3 Extended Key Usage:
TLS Web Client AuthenticationAny other ideas how to solve this issue?