Hello, I sort of posted about this earlier, but I think this is a more concise question (as the previous replies were helpful for me to start debugging the problem).
i have a server that is running a custom app that can accept a SSL connection. I generate a cert on each server, that is signed by my own CA. I tested whether this worked or not by using the openssl s_client and s_server commands, and it actually worked to connect to the server using those commands. I started the server with a PEM file that contained the signed cert request, as well as the private key for that cert request. This allowed me to start the server with openssl s_server -accept 443 -cert myfile.cert and on the client side openssl s_client -connect myserver:443 -CAfile my_server_cert.pem This gave me a verify code of zero, so I thought I was good to go. I installed my_server_cert.pem as a trusted authority in firefox, however, it still prompts that it is an "Untrusted Connection" and has the button to add security exception. When I click this button, I noticed that under Certificate Status it says "Wrong Site" and "This iste attempts to identify itself iwth invalid information" I'd prefer my clients to not have this pop-up when they are connecting to my servers. From the server side, when I debug the app, I see I get the "sslv3 alert bad certificate" error at first, and then the next connection's are SSL_accepted() as the client requests cert status and such, until i'm finally done adding the security exception, and my final SSL_accept() finally gets a return of "1" which I was hoping for. Is this just a firefox bug or what? I have noticed too, that I am able to launch my custom app, and use openssl s_client -connect to connect to that same server, same certs, and it gives me verify code zero. Thanks for any insight.