Maverick wrote: > Hi, > > What's weird is that the https work in Konqueror (after importing the > root ca), but not in firefox. > > And If i autosigns the request everything works. It's only if i signs it > with the cacert. > > I'm wondering if one of thoses points may be in cause: > > 1 the CA is a 4096 bytes key maybe i didn't try with firefox, but usaly it should work
> 2 When issuing the request i modify the subjectAltName > with two IP Address and two DNS name and the subject with > two CN corresponding to the two DNS names > > Could this be a bad idea ? > hmm, not sure but - which role did u assign the issued certificate and which validity times and what did you authorize the imported ca-certificate to authenticate (in firefox, there are those three options a ca-cert may be able to validate, which you have to mark at import time of ca-cert or later, standard they are not set)? can you verify the ca-cert by its own, did it get shown as valid? what shows the certificate view in detail - why the cert may be invalid greetings dalini ------------------------------------------------------- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7393&alloc_id=16281&op=click _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
