Mit openssl 3.0 oder besser Debian testing „bookwurm“ gibt es Probleme mit den OpenVPN und NetworkManager. Die Lösung ist folgendes zu ändern in der /etc/ssl/openssl.cnf

[openssl_init]
providers = provider_sect

# List of providers to load
[provider_sect]
default = default_sect
legacy = legacy_sect
# The fips section name should match the section name inside the
# included fipsmodule.cnf.
# fips = fips_sect

# If no providers are activated explicitly, the default one is activated implicitly.
# See man 7 OSSL_PROVIDER-default for more details.
#
# If you add a section explicitly activating any other provider(s), you most
# probably need to explicitly activate the default provider, otherwise it
# becomes unavailable in openssl.  As a consequence applications depending on
# OpenSSL may not work correctly which could lead to significant system
# problems including inability to remotely access the system.
[default_sect]
activate = 1
[legacy_sect]
activate = 1

openssl x509 -noout -text -in <CERTIFICATE>

openssl s_client -connect <website.dom>:443 2>/dev/null | openssl x509 -noout -dates