search for: nscerttyp

...;### start ### >[ ca ] >default_ca = CA_default > >[ CA_default ] >x509_extensions = server_cert > >[ server_cert ] >basicConstraints=CA:FALSE >keyUsage = nonRepudiation, dataEncipherment, digitalSignature, keyEncipherment >extendedKeyUsage = serverAuth, clientAuth >nsCertType = server, client >### end ### > >I think the nsCertType directive may be unnecessary these days, but >I keep it around because it doesn't hurt anything. > >The important bit is the extendedKeyUsage line; I'm pretty sure that >an OpenVPN server needs the serverAuth ex...

> > >Folks > >I would like to have my windows 7 laptop communicate with my home >server via a VPN, in such a way that it appears to be "inside" my >home network. It should not only let me appear to be at home for >any external query, but also let me access my computers inside my home. > >I already have this working using M$'s PPTP using my home

...ts of bits ellided for clarity's sake: ### start ### [ ca ] default_ca = CA_default [ CA_default ] x509_extensions = server_cert [ server_cert ] basicConstraints=CA:FALSE keyUsage = nonRepudiation, dataEncipherment, digitalSignature, keyEncipherment extendedKeyUsage = serverAuth, clientAuth nsCertType = server, client ### end ### I think the nsCertType directive may be unnecessary these days, but I keep it around because it doesn't hurt anything. The important bit is the extendedKeyUsage line; I'm pretty sure that an OpenVPN server needs the serverAuth extension. For instance, here...

...gt;> >> [ CA_default ] >> x509_extensions = server_cert >> >> [ server_cert ] >> basicConstraints=CA:FALSE >> keyUsage = nonRepudiation, dataEncipherment, digitalSignature, >> keyEncipherment >> extendedKeyUsage = serverAuth, clientAuth >> nsCertType = server, client >> ### end ### >> >> I think the nsCertType directive may be unnecessary these days, but I keep >> it around because it doesn't hurt anything. >> >> The important bit is the extendedKeyUsage line; I'm pretty sure that an >> Ope...

...e authentication. If my memory serves right, beta8 had no problems with it (although it was some time ago and on different machine). Similar setup works perfectly well for postfix (for authentication that is, on the same machine). Originally I thought I overdid some certificate settings (keyUsage, nsCertType, etc.), so for the sake of testing I've simplified the setup to bare minimum - 1 simple selfsigned root certificate, another 1 for dovecot, and the last one for the user. Unfortunately, the results were the same. Configuration: OpenBSD 3.9 (stable branch), i386, no nfs or afs (only local ffs...

...ur file distribution tree. If you''re doing a lot of them, then you''d want some way to automatically create them, which isn''t the easiest to do in Puppet right now. > And it should provide some options in specifying fancy things like subject > alternative name and NScertType et all. Puppet''s CA does not support this, but I wouldn''t think it''d be that difficult to do. > I was thinking about using QuickCert for this because it''s in ruby and seems > like a good way to generate those things. I used QuickCert to show me how to...

...ovecot-openssl.cnf | grep -v "^$" [ req ] default_bits = 1024 encrypt_key = yes distinguished_name = req_dn x509_extensions = cert_type prompt = no [ req_dn ] C=CA ST=Ontario L=Toronto O=Blastwave OU=IMAP server CN=titan.blastwave.org emailAddress=postmaster at blastwave.org [ cert_type ] nsCertType = server # /opt/csw/bin/openssl req -new -x509 -nodes -config ./dovecot-openssl.cnf -out /etc/opt/csw/dovecot/certs/dovecot.pem -keyout /etc/opt/csw/dovecot/private/dovecot.pem -days 365 Generating a 1024 bit RSA private key ...........................++++++ ....................++++++ writing new...

...tial packet from xx.xx.xx.xx:1194, ---->> public ip address on pix firewall sid=7c6f6585 62ec6b5f Tue Aug 1 23:11:21 2006 VERIFY OK: depth=1, /C=IN/ST=DE/L=ND/O=OpenVPN-TEST/OU=VPN_Server/CN= server1.test.net/emailAddress=postmater at localhost.localdomain Tue Aug 1 23:11:21 2006 VERIFY OK: nsCertType=SERVER Tue Aug 1 23:11:21 2006 VERIFY OK: depth=0, /C=IN/ST=DE/O=OpenVPN-TEST/OU=VPN_Server/CN=server1.test.net/emailAddress=postmater at localhost.localdomain Tue Aug 1 23:11:23 2006 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Tue Aug 1 23:11:23 2006 Data Channel...

Package: logcheck Version: 1.2.35 Severity: minor Manual page reads: SYNOPSIS logcheck [TIONS] Perhaps it was intended to read: SYNOPSIS logcheck [OPTIONS] -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked

Package: logcheck-database Version: 1.2.39 Severity: wishlist These are the subject of an am-utils FAQ <URL:http://www.am-utils.org/docs/am-utils/FAQ.txt> and would be useful in the ignored list. Note that it's either `newer' or `older'. Jun 14 14:32:25 albion kernel: nfs warning: mount version newer than kernel Jun 14 14:37:54 dlsy kernel: nfs warning: mount version older

Package: logcheck-database Version: 1.2.40 Severity: normal Tags: patch There are one line that is not properly ignored. I include in the report a better version. -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (400, 'testing'), (300, 'unstable'), (200, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.8-2-k7 Locale: