Added clientAuth to EKU of client certificate. Fixed the comment.

[ipfire-2.x.git] / html / cgi-bin / vpnmain.cgi

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index b0041ef42255eb90cd5e3cb005762067050b8790..4138f4dea674da80233024578b164500ff09c1f8 100644 (file)
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -1673,7 +1673,7 @@ END
            (my $city = $cgiparams{'CERT_CITY'}) =~ s/^\s*$/\./;
            (my $state = $cgiparams{'CERT_STATE'}) =~ s/^\s*$/\./;
 
-           # Create the Host certificate request
+           # Create the Client certificate request
            &General::log("ipsec", "Creating a cert...");
 
            if (open(STDIN, "-|")) {
@@ -1700,7 +1700,7 @@ END
                exit (0);
            }
            
-           # Sign the host certificate request
+           # Sign the client certificate request
            &General::log("ipsec", "Signing the cert $cgiparams{'NAME'}...");
 
            #No easy way for specifying the contain of subjectAltName without writing a config file...
@@ -1709,6 +1709,7 @@ END
            basicConstraints=CA:FALSE
            nsComment="OpenSSL Generated Certificate"
            subjectKeyIdentifier=hash
+           extendedKeyUsage=clientAuth
            authorityKeyIdentifier=keyid,issuer:always
 END
 ;