Dave Roberts <[EMAIL PROTECTED]> wrote in [EMAIL PROTECTED]:">news:[EMAIL PROTECTED]:
> On Thu, 24 Jan 2002 06:56:25 GMT, [EMAIL PROTECTED] (Markus Dolze) > allegedly wrote: > >> So what information (e.g. extensions) need to be present in the >> certificate? My certificate includes the subjectAltName-extension set >> to the e-mail address used in my mail account settings. > > Disclaimer: I don't *know* exactly what Mozilla is doing with regards > to the checking. Someone on the development team could jump in here. > > On my certificates, I have an extension subjectAltName (OID=2.5.29.17) > set to my e-mail address. I also have an item within the Subject DN of > Email (OID=1.2.840.113549.1.9.1), which is also set to the email > address. It *may* be that Mozilla is looking for the latter. > > Or, have you imported your company's CA certificate as a valid > "authority"? > > HTH > > - Dave. > The certificate contains subjectAltName (OID 2.5.29.17), but it looks like Mozilla doesn't recognize it. If I view my certificate, the extensions are listed, but subjectAltName appears as 2.5.29.17 and the content (my mail address) is printed as a hex-string. So, what is Mozilla looking for? PS: The company's certificate is imported as a authority and marked as trusted for issuing certificate (all types) Markus
