|
|
> The message is: VERIFY ERROR: depth=0, error=unsupported certificate > purpose: Hi, I studied OpenSSL while setting up my CA recently, so I can play macho now. :-) The openvpn version you're mentioning is ancient, maybe that is the reason noone responded to your question. It's usual to not support old versions. I don't know whether this part of openvpn code was revised since release 1.4.3-3. Maybe you could try to compile new release openvpn statically somewhere else, securely copy it to your running CD machine and try whether it behaves the same. Then you can write here, that the newest release shows this to you as well. That way you might receive some more response. :-) Nevertheless, it appears to me the cert you're presenting has the restricted set of purposes. Have you thoroughly check your openssl.cnf before starting with you CA? On my Linux I didn't find the doc for the openssl.cnf, so I found it on the web, try this for example http://www.technoids.org/openssl.cnf.html Try searching for "unsupported certificate purpose" on Google and on Google Groups. This error string can be found on the OpenSSL verify man page. Try to test your certificate with the command openssl verify -purpose <purpose> Hope this helps, \//\/\ ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |