diff -Nur phpki/phpki-0.82/include/openssl_functions.php phpki_nscerttype/phpki-0.82/include/openssl_functions.php
--- phpki/phpki-0.82/include/openssl_functions.php	2014-07-29 15:57:25.009126731 +0200
+++ phpki_nscerttype/phpki-0.82/include/openssl_functions.php	2014-07-29 15:58:33.337085785 +0200
@@ -111,7 +111,7 @@
 basicConstraints       = critical, CA:false
 keyUsage               = critical, nonRepudiation, digitalSignature, keyEncipherment
 extendedKeyUsage       = critical, emailProtection, clientAuth
-nsCertType             = critical, client, email
+nsCertType             = client, email
 subjectKeyIdentifier   = hash
 authorityKeyIdentifier = keyid:always, issuer:always
 subjectAltName         = email:copy
@@ -126,7 +126,7 @@
 basicConstraints       = critical, CA:false
 keyUsage               = critical, nonRepudiation, digitalSignature, keyEncipherment
 extendedKeyUsage       = critical, emailProtection, clientAuth, codeSigning
-nsCertType             = critical, client, email
+nsCertType             = client, email
 subjectKeyIdentifier   = hash
 authorityKeyIdentifier = keyid:always, issuer:always
 subjectAltName         = email:copy
@@ -140,7 +140,7 @@
 [ server_ext ]
 basicConstraints        = critical, CA:false
 keyUsage                = critical, digitalSignature, keyEncipherment
-nsCertType              = critical, server
+nsCertType              = server
 extendedKeyUsage        = critical, serverAuth
 subjectKeyIdentifier    = hash
 authorityKeyIdentifier  = keyid:always, issuer:always
@@ -169,7 +169,7 @@
 basicConstraints        = critical, CA:false
 keyUsage                = critical, digitalSignature
 extendedKeyUsage        = critical, clientAuth
-nsCertType              = critical, client
+nsCertType              = client
 subjectKeyIdentifier    = hash
 authorityKeyIdentifier  = keyid:always, issuer:always
 subjectAltName          = DNS:$common_name,email:copy
@@ -178,7 +178,7 @@
 basicConstraints        = critical, CA:false
 keyUsage                = critical, digitalSignature, keyEncipherment
 extendedKeyUsage        = critical, serverAuth
-nsCertType              = critical, server
+nsCertType              = server
 subjectKeyIdentifier    = hash
 authorityKeyIdentifier  = keyid:always, issuer:always
 subjectAltName          = DNS:$common_name,email:copy
@@ -187,7 +187,7 @@
 basicConstraints        = critical, CA:false
 keyUsage                = critical, digitalSignature, keyEncipherment
 extendedKeyUsage        = critical, serverAuth, clientAuth
-nsCertType              = critical, server, client
+nsCertType              = server, client
 subjectKeyIdentifier    = hash
 authorityKeyIdentifier  = keyid:always, issuer:always
 subjectAltName          = DNS:$common_name,email:copy