Hello
> Thanks, I don't know what extensions are. I runned that command and it

shows this extensions:
>
> X509v3 extensions:
> X509v3 Basic Constraints:
> CA:FALSE
> Netscape Cert Type:
> SSL Client, S/MIME, Object Signing
> Netscape Comment:
> OpenSSL Generated Certificate
> X509v3 Subject Key Identifier:
> 84:C9F:56:82:E7:B9:2A:A5:3F:EB:E2:7B:E0:F0:B7:B8:5C:F1: EA
> X509v3 Authority Key Identifier:
> keyid:3B:5E:C9:05:88:E2:13:3A:26:A0D:3F:22:9D:55:12:35:71:B0:1D
>
> Are they right?

I do not know how Firefox handles Netscape Cert Type but this
does not look like SSL Server Certificate.
You may try to comment Netscape Cert Type in your openssl.cnf file
(nsCertType directive).
You may also add/uncomment/modify directive:
keyUsage = nonRepudiation, digitalSignature, keyEncipherment,
keyAgreement
Next generate new certificate and test.

Best regards,
--
Marek Marcola

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org