ssl-admin

Sep 9 2023

Getting the right type of certificate

Leave a Comment / Bacula, FreeBSD, Open Source, ssl-admin / By Dan Langille / September 9, 2023

This post covers my debugging of a self-signed certificate on one of my Bacula instances. The error message is: I’ve encountered that unsupported certificate purpose message before: OpenVPN: unsupported certificate purpose SSL client vs server certificates and bacula-fd I always thought it was a server versus client issue. Now I’m not so sure. There was also an ssl-admin issue In this post: FreeBSD 13.2 ssl-admin-1.3.0 Bacula 9.6.7 – yes, that is rather outdated; […]

Getting the right type of certificate Read More »

Oct 23 2022

openvpn: error=CRL has expired

2 Comments / Open Source, OpenSSL, ssl-admin / By Dan Langille / October 23, 2022

After the former FreshPorts server was retired, its OpenVPN credential were revoked. I maintain those certificates via ssl-admin. I uploaded the new CRL into the System | Certificate Manager | Certificate Revocation page in pfSense. Today, I was seeing strange errors in Nagios, and figured someone wasn’t connected to the VPN. Checking OpenVPN client logs, I found nothing. On the OpenVPN server, I found this message: Oct 23 22:14:23 openvpn 11134 203.0.113.144:20690 VERIFY

openvpn: error=CRL has expired Read More »

Jun 17 2021

OpenVPN: unsupported certificate purpose

Leave a Comment / General, OpenSSL, OpenVPN, ssl-admin / By Dan Langille / June 17, 2021

See also SSL client vs server certificates and bacula-fd. I use OpenVPN since at least 2008 – now going on 13 years. I find it to be reliable and stable. A few days ago, I added another client to a VPN. I run this particular network with self-signed certificates which I create using ssl-admin – I find it particularly useful for this purpose. The problem Away I went, creating a new certicate, bundled

OpenVPN: unsupported certificate purpose Read More »

Jan 3 2013

Leave a Comment / Open Source, OpenVPN, ssl-admin / By Dan Langille / January 3, 2013

People often talk about security. There are many different types of security. Personal security. Security theater. Physical security. In this post, we’ll talk about securing communications channels so that others cannot listen in, and so that others cannot connect. In this article, I’ll talk about using a toolkit, ssl-admin, to create a certificate authority, create self-signed certificates, and use them for both backups (via Bacula) and for a VPN (using OpenVPN). We will

ssl-admin Read More »