Fix openssl config changes for upgraded security

config/openssl.cnf

@@ -66,7 +66,6 @@ emailAddress		= optional
 [ req ]
 # Commented out for bug hack reasons.  See postinst for more info.
 #prompt			= no
-extendedKeyUsage        = clientAuth
 default_bits		= 2048
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
@@ -139,8 +138,10 @@ basicConstraints=CA:FALSE
 nsComment			= "Generated by openvpn-server"
 
 # PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+extendedKeyUsage = clientAuth
+keyUsage = digitalSignature,keyEncipherment
 
 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.
@@ -159,9 +160,10 @@ authorityKeyIdentifier=keyid,issuer:always
 [ server ]
 basicConstraints=CA:FALSE
 extendedKeyUsage	= serverAuth
+keyUsage = digitalSignature,keyEncipherment
 nsComment			= "OpenSSL Generated Server Certificate"
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
 
 [ v3_req ]