I've had this issue for a while; I'm don't know what's causing it, as it's a very vague error that can be 'missing extension' to 'true needs to be 0xFF instead of 1 for bool values'. I grabbed the source, and built a copy, and was stepping through accessing a custom built chain; I got a different error, this time I got SEC_ERROR_UNKNOWN_ISSUER. Which just means I didn't add the root cert to firefox(?) Yes, after adding the root, it connects just fine. Which lead me to think 'great next firefox it won't be an issue'... but wait, 107.0.1 release does have the error still; so, I checked out FIREFOX_107_0_1_RELEASE and built that. Again it worked.... So what can be the difference between building a debug release branch version and the released version of firefox that causes a difference interpreting certificates? I have no issues with chrome or edge (although I did fix a issue with chrome that chrome stopped working, and I fixed 1 to 0xFF for a boolean setting in BASIC_USAGE extension, and then chrome was happy again. https://bingodemos.com/ as it is currently configured fails. With SEC_ERROR_EXTENSION_VALUE_INVALID error I don't see a way to even see the cert chain, with the above unknown issuer, I can at least see the certificates with more information.