I modified /etc/ssl/openssl.cnf and set input_password and output_password to something and tried to regen the certificates; still does not work.

Then I found a page on the web about certificates being used by the OS X client:

Seems that OS X will not accept a server certificate in distinguished name format (which they appear to be generated as) without adding user_cert option subjectAltName=DNS:

Of course it’s not possible to do this as the changes made to openssl.cnf are wiped out after a reboot.

If I understand correctly (and I probably don’t), this makes the Zeroshell config incompatible with OS X clients as far as X.509 VPN access goes?
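
Added example, not part of the original post and not Zeroshell's own tooling: a way to check whether a server certificate carries a subjectAltName extension, comparing a DN-only certificate with one issued with `subjectAltName=DNS:`. The host name `vpn.example.test`, the section name `v3_san`, the helper functions and the stand-alone config file passed with `-config` (instead of editing `/etc/ssl/openssl.cnf`) are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed sample values: host name, section name and file names are placeholders.
HOST="vpn.example.test"
WORK="$(mktemp -d)"

# Stand-alone config so the system-wide openssl.cnf is left untouched.
cat > "$WORK/san.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $HOST
[v3_san]
subjectAltName = DNS:$HOST
EOF

# make_cert <out.pem> [extension-section]
# Issues a throwaway self-signed certificate; without a section name the
# certificate identifies the server by its distinguished name only.
make_cert() {
    out="$1"; ext="${2:-}"
    set -- req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$WORK/san.cnf" -keyout "$WORK/key.pem" -out "$out"
    if [ -n "$ext" ]; then set -- "$@" -extensions "$ext"; fi
    openssl "$@" 2>/dev/null
}

# san_names <cert.pem>
# Prints the subjectAltName entries, or nothing if the extension is absent.
san_names() {
    openssl x509 -in "$1" -noout -text |
        sed -n '/Subject Alternative Name/{n;s/^ *//;p;}'
}

make_cert "$WORK/dn_only.pem"
make_cert "$WORK/with_san.pem" v3_san

for cert in dn_only with_san; do
    names="$(san_names "$WORK/$cert.pem")"
    if [ -n "$names" ]; then
        echo "$cert: subjectAltName = $names"
    else
        echo "$cert: no subjectAltName (subject DN only)"
    fi
done
```

Pointing `san_names` at the server certificate exported from the VPN gateway shows which of the two cases the client is being handed.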