XPI signing problem when root certificate is version 1?
Dear list members,
I'm trying to sign an XPI with a certificate with the GTE Cybertrust
Global Root CA at the top of the certificate chain. The chain looks as
follows: [Root CA]-[Primary CA]-[Code Signing CA]-[Signing
certificate], and we want the GTE on certificate on top because it's
one of Firefox's built-in certificates.
When I try to install the XPI in Firefox (v1.5/v2), I get the "Signing
could not be verified (-260)" error. When I replace the GTE Cybertrust
Global Root CA with our own Root CA certificate in the chain, and I
install our Root CA certificate explicitly in Firefox, it works as
The difference between our Root CA certificate and the GTE one, is the
fact that ours is a version 3 certificate while GTE's is version 1.
Other signed XPI's I downloaded from the Internet all seem to point to
a level 3 root certificate.
Has anyone experienced similar issues or can anyone point me in
another direction, because I'm running out of inspiration real fast