I have a local Rocky Linux server running a nginx web server. I am using a Macos laptop. I am trying to install a self signed ssl certificate using openssl on my web server.. The certificate I generated works with Safari but not with Firefox. I have copied the certificate to both Safari and Firefox for local use. Privacy and Security, Manage Certificates, Your Certificates. Firefox complains that that my TLS is tls 1.1, when I am using tls 1.3:

An error occured during connection to tls-v1-1.badssl.com:1011. Peer using unsupported version of security protocol.

My test on my server shows:

sudo curl -v https://caprock.home

Connected to caprock.home (192.168.2.44) port 443 (#0)

• ALPN, offering h2
• ALPN, offering http/1.1
• CAfile: /etc/pki/tls/certs/ca-bundle.crt
• TLSv1.0 (OUT), TLS header, Certificate Status (22):
• TLSv1.3 (OUT), TLS handshake, Client hello (1):
• TLSv1.2 (IN), TLS header, Certificate Status (22):
• TLSv1.3 (IN), TLS handshake, Server hello (2):
• TLSv1.2 (IN), TLS header, Finished (20):
• TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):
• TLSv1.2 (IN), TLS header, Unknown (23):
• TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
• TLSv1.2 (IN), TLS header, Unknown (23):
• TLSv1.3 (IN), TLS handshake, Certificate (11):
• TLSv1.2 (IN), TLS header, Unknown (23):
• TLSv1.3 (IN), TLS handshake, CERT verify (15):
• TLSv1.2 (IN), TLS header, Unknown (23):
• TLSv1.3 (IN), TLS handshake, Finished (20):
• TLSv1.2 (OUT), TLS header, Finished (20):
• TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
• TLSv1.2 (OUT), TLS header, Unknown (23):
• TLSv1.3 (OUT), TLS handshake, Finished (20):
• SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
• ALPN, server accepted to use http/1.1
• Server certificate:
• subject: C=US; ST=Colorado; O=Caprock Development; OU=Caprock Development Home Base; CN=caprock.home; emailAddress=mike@white-home.com
• start date: Aug 12 19:26:04 2025 GMT
• expire date: Nov 13 19:26:04 2032 GMT
• common name: caprock.home (matched)
• issuer: C=US; ST=Colorado; L=Canon City; O=Caprock Development; OU=Caprock Development Home Base; CN=caprock.home; emailAddress=mike@white-home.com
• SSL certificate verify ok.
• TLSv1.2 (OUT), TLS header, Unknown (23):

> GET / HTTP/1.1 > Host: caprock.home > User-Agent: curl/7.76.1 > Accept: */* >

• TLSv1.2 (IN), TLS header, Unknown (23):
• TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
• TLSv1.2 (IN), TLS header, Unknown (23):
• TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
• old SSL session ID is stale, removing
• TLSv1.2 (IN), TLS header, Unknown (23):
• Mark bundle as not supporting multiuse

< HTTP/1.1 200 OK < Server: nginx/1.20.1 < Date: Tue, 28 Apr 2026 13:17:26 GMT < Content-Type: text/html; charset=UTF-8 < Transfer-Encoding: chunked < Connection: keep-alive < X-Powered-By: PHP/8.3.30 <

Caprock.home

• Connection #0 to host caprock.home left intact

Furthermore I can't seem to delete the certificate from Firefox and re add it?