search for: keyencipherment

...f file. Lots of bits >ellided for clarity's sake: > >### start ### >[ ca ] >default_ca = CA_default > >[ CA_default ] >x509_extensions = server_cert > >[ server_cert ] >basicConstraints=CA:FALSE >keyUsage = nonRepudiation, dataEncipherment, digitalSignature, keyEncipherment >extendedKeyUsage = serverAuth, clientAuth >nsCertType = server, client >### end ### > >I think the nsCertType directive may be unnecessary these days, but >I keep it around because it doesn't hurt anything. > >The important bit is the extendedKeyUsage line; I'm pre...

> > >Folks > >I would like to have my windows 7 laptop communicate with my home >server via a VPN, in such a way that it appears to be "inside" my >home network. It should not only let me appear to be at home for >any external query, but also let me access my computers inside my home. > >I already have this working using M$'s PPTP using my home

...Here's how I managed that in my openssl.cnf file. Lots of bits ellided for clarity's sake: ### start ### [ ca ] default_ca = CA_default [ CA_default ] x509_extensions = server_cert [ server_cert ] basicConstraints=CA:FALSE keyUsage = nonRepudiation, dataEncipherment, digitalSignature, keyEncipherment extendedKeyUsage = serverAuth, clientAuth nsCertType = server, client ### end ### I think the nsCertType directive may be unnecessary these days, but I keep it around because it doesn't hurt anything. The important bit is the extendedKeyUsage line; I'm pretty sure that an OpenVPN server...

...sult in "TLS handshaking: SSL_accept() syscall failed: Connection reset by peer" errors *if the certificate granted is not granted for client use*. For servers, I normally generate SSL certificates specifically for servers: [ server_ca_extensions ] basicConstraints = CA:false keyUsage = keyEncipherment extendedKeyUsage = 1.3.6.1.5.5.7.3.1 If you just do that, then the SSL certificate doesn't work in dovecot (it will work fine in Apache, or Postfix etc etc). You also need the certificate to be valide for client side work: [ client_and_server_ca_extensions ] basicConstraints = CA:false keyUsa...

Hi, I followed the TLS/SRTP tutorial on the wiki [0] using Asterisk 11.8.1 on CentOS 6.5 x86_64 and CSipSimple on a Nexus with Android 4.4.x local wifi. The phone seems to register but directly after that things fall apart (turning SELinux off made no difference): *CLI> -- Registered SIP 'encrypted' at 10.0.0.137:58079 > Saved useragent

...; >> ### start ### >> [ ca ] >> default_ca = CA_default >> >> [ CA_default ] >> x509_extensions = server_cert >> >> [ server_cert ] >> basicConstraints=CA:FALSE >> keyUsage = nonRepudiation, dataEncipherment, digitalSignature, >> keyEncipherment >> extendedKeyUsage = serverAuth, clientAuth >> nsCertType = server, client >> ### end ### >> >> I think the nsCertType directive may be unnecessary these days, but I keep >> it around because it doesn't hurt anything. >> >> The important bit i...