Commit ab0ba609 authored by root's avatar root
Browse files
parents 0b666557 389d1d1c
......@@ -66,7 +66,6 @@ emailAddress = optional
[ req ]
# Commented out for bug hack reasons. See postinst for more info.
#prompt = no
extendedKeyUsage = clientAuth
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
......@@ -139,8 +138,10 @@ basicConstraints=CA:FALSE
nsComment = "Generated by openvpn-server"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
extendedKeyUsage = clientAuth
keyUsage = digitalSignature,keyEncipherment
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
......@@ -159,9 +160,10 @@ authorityKeyIdentifier=keyid,issuer:always
[ server ]
basicConstraints=CA:FALSE
extendedKeyUsage = serverAuth
keyUsage = digitalSignature,keyEncipherment
nsComment = "OpenSSL Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
[ v3_req ]
......
......@@ -8,7 +8,7 @@ comp-lzo
client
pkcs12 %%ORGNICK%%-%%USERNAME%%.p12
ns-cert-type server
remote-cert-tls server
cipher AES-256-CBC
pull
......
......@@ -8,7 +8,8 @@ comp-lzo
client
ns-cert-type server
remote-cert-tls server
cipher AES-256-CBC
pull
verb 4
......
openvpn-server (0.9.3) lucid precise xeniel; urgency=low
* Fixes for openssl config
* Fixes for openvpn client template files
-- Sol1 Packages <packages@sol1.com.au> Fri, 28 May 2018 11:30:00 +1000
openvpn-server (0.9.2) lucid precise xeniel; urgency=low
* Fix error on install with systemd not seeing reload untill restart has been return
......
......@@ -172,6 +172,7 @@ dev tun
dh /etc/openvpn-server/dh4096.pem
pkcs12 /etc/openvpn-server/$ORGNICK-server.p12
crl-verify /etc/openvpn-server/ca.crl
remote-cert-tls client
cipher AES-256-CBC
client-config-dir /etc/openvpn/ccd
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment