ssl certificate isn't recognized by the browser

[yurivict]

Browser suggests to add an exception:

localhost:57001 uses an invalid security certificate.
The certificate does not come from a trusted source.
Error code: MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA 
<Add Exception>

I confirm the exception, but after this firefox says:

Secure Connection Failed

An error occurred during a connection to localhost:57001.
SSL peer was unable to negotiate an acceptable set of security parameters.
Error code: SSL_ERROR_HANDSHAKE_FAILURE_ALERT

butterfly.log has these messages:

[W 170209 18:38:32 butterfly.server:317] Butterfly is ready, open your browser to: https://localhost:57001/
[W 170209 18:39:05 iostream:1276] SSL Error on 4 ('127.0.0.1', 54888): [SSL: SSLV3_ALERT_BAD_CERTIFICATE] sslv3 alert bad certificate (_ssl.c:661)
[W 170209 18:40:23 iostream:1276] SSL Error on 4 ('127.0.0.1', 56599): [SSL: PEER_DID_NOT_RETURN_A_CERTIFICATE] peer did not return a certificate (_ssl.c:661)

As a comparison, shellinabox generates a certificate and it works fine in the same browser.

What is wrong?

FreeBSD-11

[paradoxxxzero]

Is it a firefox only issue?
Did you follow this post for creating certs http://paradoxxxzero.github.io/2014/03/21/butterfly-with-ssl-auth.html ?

[yurivict]

I do butterfly.server.py --generate-certs --host=localhost as described there, and certificate fails. The problem is in both chrome and firefox.

[paradoxxxzero]

So this seems to be a python openssl on freebsd issue. I am far from being an expert on both of these topics. Maybe you can try to play with these lines: https://github.com/paradoxxxzero/butterfly/blob/master/butterfly.server.py#L161-L266

[ghost]

butterfly.server.py --unsecure=True