Re: https + onpenSSL + firefox: 8101 error

Thu, 17 Jan 2008 08:46:07 -0800 

Thanks, I don't know what extensions are. I runned that command and it shows
this extensions:

        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Cert Type:
                SSL Client, S/MIME, Object Signing
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                84:C9:DF:56:82:E7:B9:2A:A5:3F:EB:E2:7B:E0:F0:B7:B8:5C:F1:EA
            X509v3 Authority Key Identifier:

keyid:3B:5E:C9:05:88:E2:13:3A:26:A0:DD:3F:22:9D:55:12:35:71:B0:1D

Are they right?



2008/1/17, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
>
> Hello,
> > I enabled https in my website on a Tomcat server.
> >
> > I created with openSSL the CA, I singed my web certificate and I added
> the certifie of
> > my CA in IE and Firefox. With IE 6 and 7  it run successfull securely,
> but with firefox
> > and netscape it shows this error acceder perfectamente a la web de forma
> segura, pero
> > con firefox y netscape me muestra este error: " cannot establish
> encrypted connection to
> > the web server because the certificate is invalid or corrupted: Error
> Code -8101 "
> >
> > Do you know what is the problem?
> You may try look at your certificate extension with command:
> $ openssl x509 -in cert.pem -text -noout
>
> Extensions are checked by Firefox and enforced.
> If you will not have required extensions or you will have
> to many extension in your certificate Firefox may treat this
> certificate as invalid.
>
> For example you may have certificate with extensions:
> ....
>    X509v3 Key Usage:
>       Digital Signature, Non Repudiation, Key Encipherment, Key Agreement
> ....
> which is valid.
>
> But if you will have for some reason certificate:
> ....
>    X509v3 Key Usage:
>       Digital Signature, Non Repudiation, Key Encipherment, Key Agreement
>    X509v3 Extended Key Usage:
>       Code Signing
> ....
> then Firefox will treat this certificate as invalid.
>
> Best regards,
> --
> Marek Marcola <[EMAIL PROTECTED]>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
>

Reply via email to