This post covers my debugging of a self-signed certificate on one of my Bacula instances. The error message is: I’ve encountered that unsupported certificate purpose message before: OpenVPN: unsupported certificate purpose SSL client vs server certificates and bacula-fd I always thought it was a server versus client issue. Now I’m not so sure. There was […]
Getting the right type of certificate Read More »
After the former FreshPorts server was retired, its OpenVPN credential were revoked. I maintain those certificates via ssl-admin. I uploaded the new CRL into the System | Certificate Manager | Certificate Revocation page in pfSense. Today, I was seeing strange errors in Nagios, and figured someone wasn’t connected to the VPN. Checking OpenVPN client logs,
openvpn: error=CRL has expired Read More »
See also SSL client vs server certificates and bacula-fd. I use OpenVPN since at least 2008 – now going on 13 years. I find it to be reliable and stable. A few days ago, I added another client to a VPN. I run this particular network with self-signed certificates which I create using ssl-admin –
OpenVPN: unsupported certificate purpose Read More »
People often talk about security. There are many different types of security. Personal security. Security theater. Physical security. In this post, we’ll talk about securing communications channels so that others cannot listen in, and so that others cannot connect. In this article, I’ll talk about using a toolkit, ssl-admin, to create a certificate authority, create