On Sun, Feb 11, 2007 at 12:36:53PM +0530, Siddhesh Poyarekar <[EMAIL PROTECTED]> wrote: > On 2/11/07, Mike Hommey <[EMAIL PROTECTED]> wrote: > >SEC_ERROR_INADEQUATE_KEY_USAGE > > -8102 Certificate key usage inadequate for attempted operation. > > > >(from http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html > >) > > > >>Pretty strange. Would you mind filing a bug at bugzilla.mozilla.org > >>and linking it to this one? > > > >There are already plenty of them, and it is useless to add one. > > > >See > >http://gemal.dk/blog/2003/03/03/internet_explorer_just_doesnt_care_about_security/ > > Doesn't the "X509v3 Extended Key Usage" section come into play at all? > It specifies "TLS Server Authentication" as one of the usages. There > is another certificate in use in one of our internal sites that has an > identical certificate layout except that the "X509v3 Extended Key > Usage" field comes before the "X509v3 Key Usage" field unlike in this > certificate. That certificate works just fine in iceweasel.
But does the CA certificate specify a "Certificate Sign" key usage ? Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]