On Fri, Sep 11, 2015 at 4:29 PM, Kurt Roeckx <[email protected]> wrote: > On Fri, Sep 11, 2015 at 03:34:21PM -0400, Richard Barnes wrote: > > And that the certificate has the "identify websites" bit set? > > You mean that when it's important into firefox, he should say it > should be trusted for websites? Or are you talking about an > extention in the certificate itself? >
The former. When you import a certificate into Firefox, you can set three trust bits -- websites, email, and code signing. If you want to use the CA for HTTPS and you don't check the websites box, you're gonna have a bad time. --Richard > > > Kurt > > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
