openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt -subj ‘/CN=User1’ -addext extendedKeyUsage =1.3.6.1.4.1.311.80.1 -addext keyUsage=keyEncipherment Works on openssl 1.1.1a, @Xenopathic nc-cert-type really should no longer be used in OpenVPN, as the ns stands for NetScape, as in the now defunct NetScape Browser. The option remote-cert-eku TLS Web Server Authentication should be used, provided the server cert was generated with EKU serverAuth and the client cert(s) generated with EKU clientAuth.One can also specify remote-cert-ku , where
Openssl Extendedkeyusage Id-Kp-Serverauth
SUBSCRIBE to Our Newsletter
Sign up here with your email address to receive updates from this blog in your inbox.