Changes between Version 13 and Version 14 of EasyRSA3-OpenVPN-Howto


Timestamp: 01/10/14 12:57:27 (4 years ago)
Author: JoshC
Comment: add note about nsCertType deprecation

  • EasyRSA3-OpenVPN-Howto

    v13 v14  
    1616
    17174. On your OpenVPN server, generate DH parameters (see the DH Generation section of this Howto)
     18
     19== Easy-RSA and MITM protection with OpenVPN ==
     20
     21'''Important note:''' some OpenVPN configs rely on the deprecated "Netscape" cert attribute called nsCertType. This is deprecated behavior, and Easy-RSA 3 does '''not''' enable this by default like v2 did. Please use the `--remote-cert-tls` directive in your OpenVPN config files for MITM protection.
     22
     23If you really need the old, deprecated behavior, enable the Netscape extensions by reading vars.example before signing certs with your CA. This will allow you to use `--ns-cert-type` with OpenVPN.
    1824
    1925== PKI procedure: using a separate CA system ==
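
Review bot: the note added at new line 21 tells readers to use `--remote-cert-tls` but never says which argument belongs on which side. Someone migrating from `--ns-cert-type` needs to see that client configs take `remote-cert-tls server` and server configs take `remote-cert-tls client`; without that, the check this section is named for can be omitted or set the wrong way round. New line 23 says to enable the Netscape extensions "by reading vars.example" without naming the setting to change, so name it there to make the opt-in explicit. As a style point, line 21 calls nsCertType deprecated in two consecutive sentences; one of them can go.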