It is working now! The first problem seems to be that FF3 has a problem with DSA signature: https://bugzilla.mozilla.org/show_bug.cgi?id=452712 The second problem was that my installed Java JRE had a keytool which was not able to combine the option -keyalg RSA and -sigalg SHA1withRSA correctly. It generated a key but my CA Startcom said MD5 is no valid algorithm. After an update from JRE 1.5.0.16 to 1.6.0.7 and running the keytool with the following commands it is finally working now:
1. keytool -genkey -alias some-time -dname "cn=Marko Sacher, ou=some-time, o=some-time, l=Essen, s=Nordrhein-Westfalen, c=DE" -keystore .keystore -validity 365 -keyalg RSA -sigalg SHA1withRSA -keysize 2048 2. keytool -certreq -alias some-time -file ns.some-time.de.csr -keystore ./.keystore 3. keytool -import -file ca.crt -alias startcom.ca -keystore .keystore 4. keytool -import -alias startcom.ca.sub -file sub.class2.server.ca.crt -keystore .keystore 5. keytool -import -alias some-time -file ns.some-time.de.signed.crt -keystore .keystore Important: alias in command 5 has to be equal to alias in command 1!!! The problem is solved for me but I think it is still a good idea to make FF3 accept the certificates I posted before with DSA signature. > Marko, > > On 2/11/2009 3:54 AM, Marko Sacher wrote: > > I think I have the following problem: > > > > https://bugzilla.mozilla.org/show_bug.cgi?id=441321 > > > > I made a report there. > > Excellent. Please followup with them (there's already a question about > your setup from Kaspar Brand. > > If/when you find a solution, please post back to the list. > > Good luck, > -chris > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org