Hi all,

I'm having trouble with x509v3 extensions: my home-made certificates do not work for client authentication. Netscape's complaint is that "The certificate is not approved for the attempted application", and in the Apache error_log I get the following line:

"...sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?]"

IE, on the other hand, doesn't even show the previously imported certificate in the popup window during the handshake, so obviously it fails.

Although I looked hard (maybe not hard enough) in the man pages and on the web, I couldn't find any info about what extensions (with what values) openssl actually supports. Furthermore, it seems to me (correct me if I'm wrong) that this certificate issue is not quite worked out as far as the browsers are concerned (buggy IE4, problems with critical attributes, etc.).

So I was wondering if there is a "tips & tricks manual" on how to create certificates that both major browsers accept. Could someone give me some links/info on where to look?

Thanks,
Gabor Nyers
Unix sysadmin
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                       [EMAIL PROTECTED]
Automated List Manager                          [EMAIL PROTECTED]