On Tue, Dec 17, 2013 at 7:57 AM, Per Juborg <per at juborg.nu> wrote: > Hi, > I've managed to compile ocserv and create a minimal config file on my Mac OSX 10.8.5. > However, I need to know how to create a proper server certificate, the manual isn't very clear on that subject. > When starting my server I get the following message: server certificate key usage prevents key encipherment; unable to support the RSA ciphersuites > How should I generate my certificate? Follow the instructions for the user certificate but use the following template: cn = "www.example.com" expiration_days = 9999 signing_key encryption_key tls_www_server > Is also seems that the server doesn't present the CA certificate, I've only been able to test that with a browser. The TLS protocol requires that the CA certificate isn't included in the list presented by the server (but many servers don't follow that requirement). There is no need for that since the client must already have it to very the server certificate. Nevertheless, if you need to have it included just append it after the server certificate. regards, Nikos
