Why is this legacy issue still around? -Kyle H
On 1/25/06, Andrew Teklemariam <[EMAIL PROTECTED]> wrote: > > One possible reason: nsCertType. Firefox requires a 'server' key usage to > use it as a server cert. > nsCertType = server, email, ... > -andrew > > > > ________________________________ > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] > Sent: Wednesday, January 25, 2006 3:02 PM > To: [email protected] > Subject: Problems with FF cert that works on IE and Opera > > > > I have created a chain of certificates as follows: > A Self signed CA certificate > A server certificate > > A client certificate: > openssl genrsa -des3 -out client.key 4096 > > Client sign request: > openssl req -new -key client.key -out client.csr > > I signed the CSR with my CA: > openssl x509 -req -days 365 -in client.csr -CA STCCA.crt -CAkey STCCA.key > -set_serial 01 -out client.crt > > I then exported the crt to pcks12: > openssl pkcs12 -export -in client.crt -out client.p12 -inkey client.key > -name "Subversion" > > I can import and use this certificate successfully using IE and Opera. This > certificate fails for "unknown reasons" when I import with Firefox 1.0.7 and > 1.5. I tried exporting the CA certificate just for the heck of it using the > same command and this certificate imports correctly. What is going on? I > suspected the certificate was broken until it worked in IE. Then I suspected > the format was wrong until I exported the CA certificate the same way and it > worked. Please bring some sanity to my crazy world. Thanks > Brian Fox > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
