On Tue, Dec 10, 2013 at 8:50 PM, Karl <weeker at outlook.com> wrote: > Hi, Nikos, after add Digital Signature, Key Encipherment, Data > Encipherment, Certificate Sign, TLS Web Client Authentication to the > user cert, it looks *better*, I sent the logs if you have interesting > to look. Most probably the digital signature flag would have been sufficient. Was is some openconnect or ocserv documentation that didn't mention this flag? regards, Nikos