Thanks, I don't know what extensions are. I runned that command and it shows this extensions:
X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Cert Type: SSL Client, S/MIME, Object Signing Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 84:C9:DF:56:82:E7:B9:2A:A5:3F:EB:E2:7B:E0:F0:B7:B8:5C:F1:EA X509v3 Authority Key Identifier: keyid:3B:5E:C9:05:88:E2:13:3A:26:A0:DD:3F:22:9D:55:12:35:71:B0:1D Are they right? 2008/1/17, [EMAIL PROTECTED] <[EMAIL PROTECTED]>: > > Hello, > > I enabled https in my website on a Tomcat server. > > > > I created with openSSL the CA, I singed my web certificate and I added > the certifie of > > my CA in IE and Firefox. With IE 6 and 7 it run successfull securely, > but with firefox > > and netscape it shows this error acceder perfectamente a la web de forma > segura, pero > > con firefox y netscape me muestra este error: " cannot establish > encrypted connection to > > the web server because the certificate is invalid or corrupted: Error > Code -8101 " > > > > Do you know what is the problem? > You may try look at your certificate extension with command: > $ openssl x509 -in cert.pem -text -noout > > Extensions are checked by Firefox and enforced. > If you will not have required extensions or you will have > to many extension in your certificate Firefox may treat this > certificate as invalid. > > For example you may have certificate with extensions: > .... > X509v3 Key Usage: > Digital Signature, Non Repudiation, Key Encipherment, Key Agreement > .... > which is valid. > > But if you will have for some reason certificate: > .... > X509v3 Key Usage: > Digital Signature, Non Repudiation, Key Encipherment, Key Agreement > X509v3 Extended Key Usage: > Code Signing > .... > then Firefox will treat this certificate as invalid. > > Best regards, > -- > Marek Marcola <[EMAIL PROTECTED]> > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] >