I comented it in openssl.cnf but firefox I have still problems with
fierfox. Now my extensions are:
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:B4:67:2C:43:7C:CF:2D:AA:DE:AE:C0:9B:83:14:EC:A2:D2:B8:3A
X509v3 Authority Key Identifier:
keyid:D6:B4:67:2C:43:7C:CF:2D:AA:DE:AE:C0:9B:83:14:EC:A2:D2:B8:3A
DirName:/C=ES/ST=MYNAME2/O=MYNAME2/OU=MYNAME2/CN=MYNAME2
serial:D5:9E:5E:F7:E6:8F:AE:16
X509v3 Basic Constraints:
CA:TRUE
It is right CA:TRUE???
Thanks
----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <openssl-users@openssl.org>
> Sent: Thursday, January 17, 2008 6:01 PM
> Subject: Re: https + onpenSSL + firefox: 8101 error
>
>
> > Hello
> >> Thanks, I don't know what extensions are. I runned that command and it
> > shows this extensions:
> >>
> >> X509v3 extensions:
> >> X509v3 Basic Constraints:
> >> CA:FALSE
> >> Netscape Cert Type:
> >> SSL Client, S/MIME, Object Signing
> >> Netscape Comment:
> >> OpenSSL Generated Certificate
> >> X509v3 Subject Key Identifier:
> >> 84:C9:DF:56:82:E7:B9:2A:A5:3F:EB:E2:7B:E0:F0:B7:B8:5C:F1:EA
> >> X509v3 Authority Key Identifier:
> >> keyid:3B:5E:C9:05:88:E2:13:3A:26:A0:DD:3F:22:9D:55:12:35:71:B0:1D
> >>
> >> Are they right?
> > I do not know how Firefox handles Netscape Cert Type but this
> > does not look like SSL Server Certificate.
> > You may try to comment Netscape Cert Type in your openssl.cnf file
> > (nsCertType directive).
> > You may also add/uncomment/modify directive:
> > keyUsage = nonRepudiation, digitalSignature, keyEncipherment,
> > keyAgreement
> > Next generate new certificate and test.
> >
> > Best regards,
> > --
> > Marek Marcola <[EMAIL PROTECTED]>
> >
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List openssl-users@openssl.org
> > Automated List Manager [EMAIL PROTECTED]
http://www.hhdirecto.net
http://www.dechiste.com
http://www.sinmp3.com
