Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

Scripts to manage certificates or generate config files

Moderators: TinCanTech
pwniii
OpenVpn Newbie
Posts: 2
Joined: Wed Jul 11, 2018 5:19 pm

Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

Post by pwniii » Wed Jul 11, 2018 5:24 pm

Hi,

I hope this is the right place to ask. I've been using a VPN service for years with various operating systems. Recently I added a Debian 9 + OpenVPN 2.4.0 box using the same config files as all other Linux desktops. Only on Debian I get the message:

++ Certificate has key usage 00a0, expects 00a0
VERIFY KU OK
Validating certificate extended key usage
++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
VERIFY EKU OK

What does it mean and why does it only occur on the Debian box? I can't find any information about it. It doesn't sound so good anyway?

Thank you

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

Post by TinCanTech » Wed Jul 11, 2018 5:42 pm

Those messages are correct and good.

pwniii wrote (Wed Jul 11, 2018 5:24 pm):
> What does it mean

It means the server key usage has been correctly verified.

pwniii wrote (Wed Jul 11, 2018 5:24 pm):
> why does it only occur on the Debian box?

Probably because this is new and all your other boxes are out of date.

See --remote-cert-tls in the manual.
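
What the two `++` lines in the log above record, as an added example that is not part of the original thread: it decodes the `00a0` key usage mask into X.509 keyUsage bit names (using OpenSSL's bit values) and compares the "has" and "expects" fields. The function names and the second, failing log sample are constructed for illustration; treating equal fields as a pass is an assumption that matches the OK lines on the page.

```python
import re

# X.509 keyUsage bits as OpenSSL packs them into the mask that OpenVPN logs in hex.
KU_BITS = {
    0x0080: "digitalSignature", 0x0040: "nonRepudiation",
    0x0020: "keyEncipherment",  0x0010: "dataEncipherment",
    0x0008: "keyAgreement",     0x0004: "keyCertSign",
    0x0002: "cRLSign",          0x0001: "encipherOnly",
    0x8000: "decipherOnly",
}
KU_RE = re.compile(r"Certificate has key usage\s+([0-9a-fA-F]+), expects ([0-9a-fA-F]+)")
EKU_RE = re.compile(r"Certificate has EKU \(str\) (.+?), expects (.+)$")

# Log excerpt as posted in the thread.
PAGE_LOG = """\
++ Certificate has key usage 00a0, expects 00a0
VERIFY KU OK
Validating certificate extended key usage
++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
VERIFY EKU OK
"""

# Constructed sample: the peer presents a client certificate where a server one is expected.
CONSTRUCTED_BAD_LOG = """\
++ Certificate has key usage 00a0, expects 00a0
VERIFY KU OK
++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Server Authentication
VERIFY EKU ERROR
"""

def decode_ku(mask):
    """Return the names of the keyUsage bits set in a logged mask."""
    return [name for bit, name in KU_BITS.items() if mask & bit]

def check_log(text):
    """Summarise the KU/EKU comparison recorded in an OpenVPN log excerpt."""
    result = {"ku": [], "ku_ok": False, "eku": None, "eku_ok": False}
    for line in text.splitlines():
        m = KU_RE.search(line)
        if m:
            has, want = int(m.group(1), 16), int(m.group(2), 16)
            result["ku"] = decode_ku(has)
            result["ku_ok"] = result["ku_ok"] or has == want  # assumption: equal means pass
        m = EKU_RE.search(line)
        if m:
            result["eku"] = m.group(1)
            result["eku_ok"] = result["eku_ok"] or m.group(1) == m.group(2).strip()
    return result

if __name__ == "__main__":
    print(check_log(PAGE_LOG))
    print(check_log(CONSTRUCTED_BAD_LOG))
```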

pwniii
OpenVpn Newbie
Posts: 2
Joined: Wed Jul 11, 2018 5:19 pm

Re: Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

Post by pwniii » Sat Jul 14, 2018 6:32 pm

Thank you for the answer.

What I still consider strange is: I used the same ISO and set up Debian 9 in exactly the same way, running exactly the same version (2.4.0), without that message appearing. The other boxes run Arch (rolling release) with a newer version than 2.4.0 and also do not show that message. I'm a bit confused, though, even if it's good to know it doesn't affect the security of the VPN connection.
