-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Am 09.05.2012 14:32, schrieb Ken Stevenson:
I got only this keys. Can you explain me what exactly you mean with adding chains? And I wonder why this error only occurs in Thunderbird, not in openssl.
Never mind, I don't think my first guess was correct. I wonder if it has to do with the error 27 reported in the verify by openssl. According to the manual, an error 27 means:
"the root CA is not marked as trusted for the specified purpose."
It looks like the certificate is valid cryptographically, but that it wasn't certified for how you're using it.
If I run:
openssl x509 -in ssl.crt -noout -text
The output includes the following:
X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Key Usage: critical Digital Signature, Key Encipherment
Does yours look different?
Mine looks like this:
X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: Digital Signature, Key Encipherment, Key Agreement X509v3 Extended Key Usage: TLS Web Server Authentication
Markus Fritz Administration
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJPqmuQAAoJEINBXoxEgR1sshwIALPRc0ozkTms2z9q+wLo8nP4 ELA7OsIUYiRUbhO1WOvfUQ+Ltssw5WcmvDQdpiAEZBL92s3hLvGqiJxc4TjoF3Fd lfar4OIQ/G2GMgzA9QeJu/EVMks29031RifSo2zkXnmTJMoTVAtsnRMc3UwIOTPV 0yDAXMZN7Ph4t5TbjJRk6Dox2PZj9qsixsOXb82ErE9TyaKT/p+Qdk2U/gvKWMUM Himz4q6bWIpc5D+h1KKes27+HIHPWjFLE2OPKfF58vw1ws1dmYvwM14v3RRW9e1X UYBZXcv5dIJHNXhkANgY/reWQjl3QU5JIalyU4S8MaF1OTr4Gr4SzsBBzY5eCd0= =j6Vx -----END PGP SIGNATURE-----