certificate SSLVPN Server Certificate is not intended for server use

[a4og5n]

Running a new install of OPNsense 19.7.3-amd64 and trying to set-up a VPN according to: https://wiki.opnsense.org/manual/how-tos/sslvpn_client.html

I'm currently stuck in "Step 1 - Add SSL Server"

When I try to save the VPN: OpenVPN: Servers I get the error:

Code Select Expand

The following input errors were detected:
• certificate SSLVPN Server Certificate is not intended for server use

Looked around the web and found one potential solution: https://forum.opnsense.org/index.php?PHPSESSID=pitp0m0i3gpuvgbbds51rh35g2&topic=12092.0

However, this does not seem to work for me.

The solution listed there is to make sure

'X509v3 key usage' and 'X509v3 Extended key usage' options

are set.

In my case they are.
Note this is by default.
X509 settings are set by default and not tuneable in the web GUI.

Just in case, here is the part of that part of the certificate:

Code Select Expand

X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                XXXXXX
            X509v3 Authority Key Identifier:
                keyid: XXXXXXX
                serial:00

            X509v3 Extended Key Usage:
                TLS Web Client Authentication

Any other ideas how to solve this issue?

[mgear]

Hi, I also seem to be running into this issue..Has anyone found a solution to this?

[mgear]

Actually I didn't select the options to make the certificate a "server certificate" in the "type field when creating the internal SSL Cert. My mistake. I overlooked the field.
Her eis a snapshot if this helps anyone else.