Comment 8 for bug 187341

Not sure. I believe it is missing one of the Certificate Key Usage attributes which firefox feels is required. The list of all certificate key usage values is here: http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html

However, I'm not sure which usage values firefox wants.

You can retrieve the details of a certificate from a server by doing: 'openssl s_client -showcerts -connect [host]:[port] | openssl x509 -text'. Looking at your examples, that would be 'openssl s_client -showcerts -connect localhost:8000 | openssl x509 -text'