Hello > Thanks, I don't know what extensions are. I runned that command and it shows this extensions: > > X509v3 extensions: > X509v3 Basic Constraints: > CA:FALSE > Netscape Cert Type: > SSL Client, S/MIME, Object Signing > Netscape Comment: > OpenSSL Generated Certificate > X509v3 Subject Key Identifier: > 84:C9:DF:56:82:E7:B9:2A:A5:3F:EB:E2:7B:E0:F0:B7:B8:5C:F1:EA > X509v3 Authority Key Identifier: > keyid:3B:5E:C9:05:88:E2:13:3A:26:A0:DD:3F:22:9D:55:12:35:71:B0:1D > > Are they right? I do not know how Firefox handles Netscape Cert Type but this does not look like SSL Server Certificate. You may try to comment Netscape Cert Type in your openssl.cnf file (nsCertType directive). You may also add/uncomment/modify directive: keyUsage = nonRepudiation, digitalSignature, keyEncipherment, keyAgreement Next generate new certificate and test.
Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
