OpenVPN CA from OPNsense -> "Root CA must have KeyUsage extension set."

[tsaG]

Hey!I switched from WireGuard to OpenVPN. All my other devices are working with the given Certificates. However Truenas Scale doesn't want to eat it. When I input the OpenVPN connection Details to use Truenas as a OpenVPN Client, I get the message "Root CA must have KeyUsage extension set."As already said, with the CA Certificate all other clients (Synology, iPhones..) are working.I exported the Client certificates (including CA, CERT and Private Key) from OPNSense. Any Ideas?

Its seems to be a limitation from the GUI but I don't know how to circumvent it.

In this Thread, someone recommended to use Tunable Parameters, however this only works in Core.
Is there something im Missing in OPNSense? There are no other options I can tick when creating the Certificate.

As I understand the absence of KeyUsages implies that any usage is valid for that particular certificate. So all should be good (?).

 

[indivision]

It sounds like something is missing from OPNSense.

Have you tried a different service to verify?

 

[tsaG]

It sounds like something is missing from OPNSense.

Have you tried a different service to verify?

Not yet, but I can try. Can you recommend a different service (I assume to create the certificates?) ?

In the meantime, I also integrated all my Applications into the VPN as well. Worked like a charm. Only problem is now the actual Truenas which I need for Rsync.

 

[indivision]

Several options here: https://en.wikipedia.org/wiki/VPN_service#Comparison_of_commercial_virtual_private_network_services