How do you specify the name (URL) of the Web site in Firefox? Do you use exactly the same name as you use with the test client (and the name in the certificate)?
Firefox is saying the certificate is for myserver but you are specifying a different name when you open the site. The name has to be exactly the same as one of the names (including alternates) in the certificate. (You can wildcard the last node in the alternate names.)

myserver is not the same as myserver.com

Charles

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Derek Cole
Sent: Thursday, October 11, 2012 4:03 PM
To: openssl-users@openssl.org
Subject: Firefox unhappy with my self signed Cert

Hello,

I sort of posted about this earlier, but I think this is a more concise question (as the previous replies were helpful for me to start debugging the problem).

I have a server that is running a custom app that can accept an SSL connection. I generate a cert on each server, that is signed by my own CA. I tested whether this worked or not by using the openssl s_client and s_server commands, and it actually worked to connect to the server using those commands. I started the server with a PEM file that contained the signed cert request, as well as the private key for that cert request. This allowed me to start the server with

    openssl s_server -accept 443 -cert myfile.cert

and on the client side

    openssl s_client -connect myserver:443 -CAfile my_server_cert.pem

This gave me a verify code of zero, so I thought I was good to go. I installed my_server_cert.pem as a trusted authority in Firefox, however, it still prompts that it is an "Untrusted Connection" and has the button to add security exception. When I click this button, I noticed that under Certificate Status it says "Wrong Site" and "This site attempts to identify itself with invalid information". I'd prefer my clients to not have this pop-up when they are connecting to my servers.

From the server side, when I debug the app, I see I get the "sslv3 alert bad certificate" error at first, and then the next connections are SSL_accepted() as the client requests cert status and such, until I'm finally done adding the security exception, and my final SSL_accept() finally gets a return of "1" which I was hoping for. Is this just a Firefox bug or what? I have noticed too, that I am able to launch my custom app, and use openssl s_client -connect to connect to that same server, same certs, and it gives me verify code zero.

Thanks for any insight.
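
Added example, not part of the thread: s_client and `openssl verify` check only the chain unless a host name is passed with `-verify_hostname`, whereas a browser always compares the host in the URL with the names in the certificate, so a verify code of zero and a "Wrong Site" warning can both be correct. The throwaway CA, the file names and the `*.example.test` alternate name are assumptions made for the demo; it needs OpenSSL 1.1.0 or later.

```shell
#!/bin/sh
# Constructed demo: the CA, keys, file names and *.example.test are assumptions.

# Create a throwaway CA and a server certificate for "myserver" in directory $1.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=myserver" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    # The alternate names are what a browser compares with the host in the URL.
    printf 'subjectAltName=DNS:myserver,DNS:*.example.test\n' > "$d/san.ext"
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -extfile "$d/san.ext" \
        -out "$d/server.pem" 2>/dev/null
}

# Chain check only: is server.pem signed by the CA we trust?
chain_ok() {
    openssl verify -CAfile "$1/ca.pem" "$1/server.pem" >/dev/null 2>&1
}

# Chain check plus name check for host $2, as a browser does.
name_ok() {
    openssl verify -CAfile "$1/ca.pem" -verify_hostname "$2" \
        "$1/server.pem" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT   # the directory holds private keys
make_demo_pki "$demo_dir"
chain_ok "$demo_dir" && echo "chain: OK"
for host in myserver myserver.com www.example.test a.b.example.test; do
    if name_ok "$demo_dir" "$host"; then
        echo "$host: name matches"
    else
        echo "$host: hostname mismatch"
    fi
done
```

To see the names an existing certificate carries, `openssl x509 -in server.pem -noout -text` lists them under "X509v3 Subject Alternative Name".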