On Sun, Feb 11, 2007 at 12:36:53PM +0530, Siddhesh Poyarekar <[EMAIL 
PROTECTED]> wrote:
> On 2/11/07, Mike Hommey <[EMAIL PROTECTED]> wrote:
> >SEC_ERROR_INADEQUATE_KEY_USAGE
> >        -8102   Certificate key usage inadequate for attempted operation.
> >
> >(from http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html 
> >)
> >
> >>Pretty strange. Would you mind filing a bug at bugzilla.mozilla.org
> >>and linking it to this one?
> >
> >There are already plenty of them, and it is useless to add one.
> >
> >See
> >http://gemal.dk/blog/2003/03/03/internet_explorer_just_doesnt_care_about_security/
> 
> Doesn't the "X509v3 Extended Key Usage" section come into play at all?
> It specifies "TLS Server Authentication" as one of the usages. There
> is another certificate in use in one of our internal sites that has an
> identical certificate layout except that the "X509v3 Extended Key
> Usage" field comes before the "X509v3 Key Usage" field unlike in this
> certificate. That certificate works just fine in iceweasel.

But does the CA certificate specify a "Certificate Sign" key usage ?

Mike



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to