In article <[EMAIL PROTECTED]>, travis57 @clothes.megalink.net says... > This was originaly posted to alt.netscape, where it was suggested i post > it to netscape.public.mozilla.security. As either that group does not > exist, or is not availible on my news server, i chose this group as the > next likely choice. > > So here is the original message... > > First of all, i make my own certificates, using my own Root CA. > For a background, the certs are generated using OpenSSL on a Linux > server (with Mod_SSL running on Apache). > The certs work fine with MSIE. > > Under netscape, i am able to install the Root certificate into the > trusted roots, but i am unable to view the SSL page. > Netscape gives me an error that either the cert is corrupted, or the > other one that pops up is that the cert is "not approved for this type > of application". Now when the certs are generated, they are approved for > all types of applications by default (even certificate signing). > For an example of what i mean, go to > http://travis5765.homelinux.net/ca.php > (its a dyndns.org domain so its only availible when i'm online, which is > most of the day) > You should have no trouble installing the cert. now, change the http to > https and load the page. Every time i try just that, it gives me an > error of some sort (depending on the version of Netscape i try it with). > > So, to make a long story longer, what is required of a site certificate > to be viewable from Netscape? > > I thank you in advance for any help. >
At least one problem is that you are including the pathlen parameter with CA=FALSE. Omit this because it is illegal as is mentioned in doc/openssl.txt . Steve.
