I solved the problem. It wasn't a problem of the CA. It was a problem generating the key for the website. I did:

%JAVA_HOME%\bin\keytool -genkey -alias tomcat

And it seems Firefox needs an RSA key. I generated it with this command:

%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA

Thanks

----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <openssl-users@openssl.org>
> Sent: Thursday, January 17, 2008 6:01 PM
> Subject: Re: https + onpenSSL + firefox: 8101 error
>
> > Hello
> >> Thanks, I don't know what extensions are. I ran that command and it
> >> shows these extensions:
> >>
> >> X509v3 extensions:
> >>     X509v3 Basic Constraints:
> >>         CA:FALSE
> >>     Netscape Cert Type:
> >>         SSL Client, S/MIME, Object Signing
> >>     Netscape Comment:
> >>         OpenSSL Generated Certificate
> >>     X509v3 Subject Key Identifier:
> >>         84:C9:DF:56:82:E7:B9:2A:A5:3F:EB:E2:7B:E0:F0:B7:B8:5C:F1:EA
> >>     X509v3 Authority Key Identifier:
> >>         keyid:3B:5E:C9:05:88:E2:13:3A:26:A0:DD:3F:22:9D:55:12:35:71:B0:1D
> >>
> >> Are they right?
> > I do not know how Firefox handles Netscape Cert Type but this
> > does not look like SSL Server Certificate.
> > You may try to comment Netscape Cert Type in your openssl.cnf file
> > (nsCertType directive).
> > You may also add/uncomment/modify directive:
> > keyUsage = nonRepudiation, digitalSignature, keyEncipherment,
> > keyAgreement
> > Next generate new certificate and test.
> >
> > Best regards,
> > --
> > Marek Marcola <[EMAIL PROTECTED]>
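
The nsCertType point raised in the quoted reply can be checked with OpenSSL itself. The following is an added example, not part of the original thread: it builds a throwaway self-signed certificate with a chosen nsCertType and reports what `openssl x509 -purpose` says about SSL server use. The function name `ssl_server_ok` and the subject `example.test` are constructed for illustration, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the thread): does OpenSSL accept a certificate
# with a given nsCertType value as an SSL server certificate?
# "ssl_server_ok" and "example.test" are constructed names.

ssl_server_ok() {
    # $1: nsCertType value, e.g. "client, email, objsign" or "server";
    #     pass "" to leave the extension out completely.
    dir=$(mktemp -d) || return 2

    # Minimal config so the result does not depend on the system openssl.cnf.
    {
        printf '[req]\n'
        printf 'distinguished_name = dn\n'
        printf 'prompt = no\n'
        printf 'x509_extensions = ext\n'
        printf '[dn]\n'
        printf 'CN = example.test\n'
        printf '[ext]\n'
        printf 'basicConstraints = CA:FALSE\n'
        if [ -n "$1" ]; then
            printf 'nsCertType = %s\n' "$1"
        fi
    } > "$dir/openssl.cnf"

    # Throwaway RSA key and self-signed certificate, valid for one day.
    if ! openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 \
            -config "$dir/openssl.cnf" \
            -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null; then
        rm -rf "$dir"
        return 2
    fi

    # -purpose prints one line per purpose, e.g. "SSL server : No".
    # The pattern does not match the separate "SSL server CA : ..." line.
    verdict=$(openssl x509 -in "$dir/cert.pem" -noout -purpose |
        sed -n 's/^SSL server : //p')
    rm -rf "$dir"
    printf '%s\n' "$verdict"
}

# Same nsCertType as in the quoted certificate, then two alternatives.
ssl_server_ok "client, email, objsign"
ssl_server_ok "server"
ssl_server_ok ""
```

For an existing certificate, running `openssl x509 -in cert.pem -noout -purpose` directly gives the same report.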