Hi
According to those that make my certificate management system, EJBCA,
noone uses nsCertType any more. It has been replaced by a
standard, RFC3280,
http://www.ietf.org/rfc/rfc3280.txt?number=3280
See section "extended key usage",
" id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
-- TLS WWW server authentication
-- Key usage bits that may be consistent: digitalSignature,
-- keyEncipherment or keyAgreement
id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
-- TLS WWW client authentication
-- Key usage bits that may be consistent: digitalSignature
-- and/or keyAgreement"
Okay, so it is not written to be used for a VPN, but surely OpenVPN
could interpretate those fields as server and client as with the old
nsCertType ?
JonB
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
|