-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am 09.05.2012 14:32, schrieb Ken Stevenson: >> >> I got only this keys. Can you explain me what exactly you mean with >> adding chains? >> And I wonder why this error only occurs in Thunderbird, not in openssl. >> > > Never mind, I don't think my first guess was correct. I wonder if it has to do with the error 27 reported in the verify by openssl. According to the manual, an error 27 means: > > "the root CA is not marked as trusted for the specified purpose." > > It looks like the certificate is valid cryptographically, but that it wasn't certified for how you're using it. > > If I run: > > openssl x509 -in ssl.crt -noout -text > > The output includes the following: > > X509v3 Extended Key Usage: > TLS Web Server Authentication, TLS Web Client Authentication > X509v3 Key Usage: critical > Digital Signature, Key Encipherment > > Does yours look different?
Mine looks like this: X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: Digital Signature, Key Encipherment, Key Agreement X509v3 Extended Key Usage: TLS Web Server Authentication - -- Markus Fritz Administration -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPqmuQAAoJEINBXoxEgR1sshwIALPRc0ozkTms2z9q+wLo8nP4 ELA7OsIUYiRUbhO1WOvfUQ+Ltssw5WcmvDQdpiAEZBL92s3hLvGqiJxc4TjoF3Fd lfar4OIQ/G2GMgzA9QeJu/EVMks29031RifSo2zkXnmTJMoTVAtsnRMc3UwIOTPV 0yDAXMZN7Ph4t5TbjJRk6Dox2PZj9qsixsOXb82ErE9TyaKT/p+Qdk2U/gvKWMUM Himz4q6bWIpc5D+h1KKes27+HIHPWjFLE2OPKfF58vw1ws1dmYvwM14v3RRW9e1X UYBZXcv5dIJHNXhkANgY/reWQjl3QU5JIalyU4S8MaF1OTr4Gr4SzsBBzY5eCd0= =j6Vx -----END PGP SIGNATURE-----