Getting the right type of certificate

This post covers my debugging of a self-signed certificate on one of my Bacula instances. The error message is: I’ve encountered that unsupported certificate purpose message before: OpenVPN: unsupported certificate purpose SSL client vs server certificates and bacula-fd I always thought it was a server versus client issue. Now I’m not so sure. There was […]

Getting the right type of certificate Read More »

openvpn: error=CRL has expired

After the former FreshPorts server was retired, its OpenVPN credential were revoked. I maintain those certificates via ssl-admin. I uploaded the new CRL into the System | Certificate Manager | Certificate Revocation page in pfSense. Today, I was seeing strange errors in Nagios, and figured someone wasn’t connected to the VPN. Checking OpenVPN client logs,

openvpn: error=CRL has expired Read More »


People often talk about security. There are many different types of security. Personal security. Security theater. Physical security. In this post, we’ll talk about securing communications channels so that others cannot listen in, and so that others cannot connect. In this article, I’ll talk about using a toolkit, ssl-admin, to create a certificate authority, create

ssl-admin Read More »

Scroll to Top