I comented it in openssl.cnf but firefox I have still problems with fierfox. Now my extensions are:
X509v3 extensions: X509v3 Subject Key Identifier: D6:B4:67:2C:43:7C:CF:2D:AA:DE:AE:C0:9B:83:14:EC:A2:D2:B8:3A X509v3 Authority Key Identifier: keyid:D6:B4:67:2C:43:7C:CF:2D:AA:DE:AE:C0:9B:83:14:EC:A2:D2:B8:3A DirName:/C=ES/ST=MYNAME2/O=MYNAME2/OU=MYNAME2/CN=MYNAME2 serial:D5:9E:5E:F7:E6:8F:AE:16 X509v3 Basic Constraints: CA:TRUE It is right CA:TRUE??? Thanks ----- Original Message ----- > From: <[EMAIL PROTECTED]> > To: <openssl-users@openssl.org> > Sent: Thursday, January 17, 2008 6:01 PM > Subject: Re: https + onpenSSL + firefox: 8101 error > > > > Hello > >> Thanks, I don't know what extensions are. I runned that command and it > > shows this extensions: > >> > >> X509v3 extensions: > >> X509v3 Basic Constraints: > >> CA:FALSE > >> Netscape Cert Type: > >> SSL Client, S/MIME, Object Signing > >> Netscape Comment: > >> OpenSSL Generated Certificate > >> X509v3 Subject Key Identifier: > >> 84:C9:DF:56:82:E7:B9:2A:A5:3F:EB:E2:7B:E0:F0:B7:B8:5C:F1:EA > >> X509v3 Authority Key Identifier: > >> keyid:3B:5E:C9:05:88:E2:13:3A:26:A0:DD:3F:22:9D:55:12:35:71:B0:1D > >> > >> Are they right? > > I do not know how Firefox handles Netscape Cert Type but this > > does not look like SSL Server Certificate. > > You may try to comment Netscape Cert Type in your openssl.cnf file > > (nsCertType directive). > > You may also add/uncomment/modify directive: > > keyUsage = nonRepudiation, digitalSignature, keyEncipherment, > > keyAgreement > > Next generate new certificate and test. > > > > Best regards, > > -- > > Marek Marcola <[EMAIL PROTECTED]> > > > > ______________________________________________________________________ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List openssl-users@openssl.org > > Automated List Manager [EMAIL PROTECTED] http://www.hhdirecto.net http://www.dechiste.com http://www.sinmp3.com