Caprock.home

I have a local Rocky Linux server running a nginx web server. I am using a Macos laptop. I am trying to install a self signed ssl certificate using openssl on my web server.. The certificate I generated works with Safari but not with Firefox. I have copied the certificate to both Safari and Firefox for local use. Privacy and Security, Manage Certificates, Your Certificates. Firefox complains that that my TLS is tls 1.1, when I am using tls 1.3: An error occured during connection to tls-v1-1.badssl.com:1011. Peer using unsupported version of security protocol. My test on my server shows: sudo curl -v https://caprock.home Connected to caprock.home (192.168.2.44) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * CAfile: /etc/pki/tls/certs/ca-bundle.crt * TLSv1.0 (OUT), TLS header, Certificate Status (22): * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS header, Certificate Status (22): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS header, Finished (20): * TLSv1.3 (IN), TLS change cipher, Change cipher spec (1): * TLSv1.2 (IN), TLS header, Unknown (23): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.2 (IN), TLS header, Unknown (23): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS header, Unknown (23): * TLSv1.3 (IN), TLS handshake, CERT verify (15): * TLSv1.2 (IN), TLS header, Unknown (23): * TLSv1.3 (IN), TLS handshake, Finished (20): * TLSv1.2 (OUT), TLS header, Finished (20): * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS header, Unknown (23): * TLSv1.3 (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN, server accepted to use http/1.1 * Server certificate: * subject: C=US; ST=Colorado; O=Caprock Development; OU=Caprock Development Home Base; CN=caprock.home; emailAddress=mike@white-home.com * start date: Aug 12 19:26:04 2025 GMT * expire date: Nov 13 19:26:04 2032 GMT * common name: caprock.home (matched) * issuer: C=US; ST=Colorado; L=Canon City; O=Caprock Development; OU=Caprock Development Home Base; CN=caprock.home; emailAddress=mike@white-home.com * SSL certificate verify ok. * TLSv1.2 (OUT), TLS header, Unknown (23): > GET / HTTP/1.1 > Host: caprock.home > User-Agent: curl/7.76.1 > Accept: */* > * TLSv1.2 (IN), TLS header, Unknown (23): * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * TLSv1.2 (IN), TLS header, Unknown (23): * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * old SSL session ID is stale, removing * TLSv1.2 (IN), TLS header, Unknown (23): * Mark bundle as not supporting multiuse < HTTP/1.1 200 OK < Server: nginx/1.20.1 < Date: Tue, 28 Apr 2026 13:17:26 GMT < Content-Type: text/html; charset=UTF-8 < Transfer-Encoding: chunked < Connection: keep-alive < X-Powered-By: PHP/8.3.30 < <h1> Caprock.home </h1> * Connection #0 to host caprock.home left intact Furthermore I can't seem to delete the certificate from Firefox and re add it?