Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
19.1 Legacy Series
»
[SOLVED] Certificate check wrong result?
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] Certificate check wrong result? (Read 6509 times)
siegfried
Newbie
Posts: 26
Karma: 3
[SOLVED] Certificate check wrong result?
«
on:
March 18, 2019, 12:37:41 pm »
Hello all,
i'm using certificates issued by our internal PKI, all the certs for the boxes are generated with extentedKeyUsage for serverAuth. In the past i was able to make changes in OpenVPN servers. But the GUI is showing me (since update to 19.1.4?) that the cert is not used for server use. So i cannot make any changes in OpenVPN configuration, the GUI is telling me that that "certificate is not intended for server use".
Also a certificate issued by the internal CA is unusable for OpenVPN server (same message)...what's wrong?
Thanks in advance for your help!
«
Last Edit: March 18, 2019, 04:36:18 pm by franco
»
Logged
siegfried
Newbie
Posts: 26
Karma: 3
Re: Certificate check wrong result?
«
Reply #1 on:
March 18, 2019, 02:03:02 pm »
Solved: the cert has to be set both for keyUsage AND ExtendedKeyUsage for OpenVPN. But in the past (pre 19.1.3) it was possible a server cert just with ExtentedKeyUsage and set the client options.
Logged
sulci
Newbie
Posts: 2
Karma: 0
Re: [SOLVED] Certificate check wrong result?
«
Reply #2 on:
April 23, 2019, 10:51:05 am »
Hello!
Could you tell me, how did you do that?
Best Regards
Logged
Vincent Chen
Newbie
Posts: 8
Karma: 0
Re: [SOLVED] Certificate check wrong result?
«
Reply #3 on:
May 19, 2019, 09:48:46 am »
I just migrate to opnsense today and got the same issue. Here is how I solve this problem:
When create certificate for openvpn server, you should have 'X509v3 key usage' and
'X509v3 Extended key usage' options. My first created certificate only has 3 'X509v3 key usage'
digital signaute, non repudiation, key encipherment, and this certificate wont work instead
showed describe error above. While create seconde certificate, I also select 3 'X509v3 Extended key usage'
TLS web server, TLS web client, code signing, and this one accepted by opnsense openvpn
server.
Hope this helps
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
19.1 Legacy Series
»
[SOLVED] Certificate check wrong result?