Hello,
> I enabled https in my website on a Tomcat server.
>
> I created with openSSL the CA, I singed my web certificate and I added

the certifie of
> my CA in IE and Firefox. With IE 6 and 7 it run successfull securely,

but with firefox
> and netscape it shows this error acceder perfectamente a la web de forma

segura, pero
> con firefox y netscape me muestra este error: " cannot establish

encrypted connection to
> the web server because the certificate is invalid or corrupted: Error

Code -8101 "
>
> Do you know what is the problem?

You may try look at your certificate extension with command:
$ openssl x509 -in cert.pem -text -noout

Extensions are checked by Firefox and enforced.
If you will not have required extensions or you will have
to many extension in your certificate Firefox may treat this
certificate as invalid.

For example you may have certificate with extensions:
.....
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment, Key Agreement
.....
which is valid.

But if you will have for some reason certificate:
.....
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
Code Signing
.....
then Firefox will treat this certificate as invalid.

Best regards,
--
Marek Marcola

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org