I have a problem. I become the error in the headline. I have a signed certificate from a recognized company. Now I want to create a second certificate.

I created the key with

openssl genrsa -des3 -out example.abc.key

then the CSR-File with

openssl req -new -key example.abc.key -out example.abc.csr

and removed the passphrase with

openssl rsa -in example.abc.key -out example.abc.key

Now I created the certificate signed by the other certificate I become from the recognized company with

openssl x509 -req -in example.abc.csr -CA signed.certificate.crt -CAkey signed.certificate.key -out example.abc.crt

After all, I create the PKCS12-File

openssl pkcs12 -export -in example.abc.crt -inkey example.abc.key -name "Example Client" -out example.abc.p12

If I call the website the webserver ask the client to identify and I can selected the imported certificate. The error in the headline appears and I didn't know how to solve it. I'm frustrated, because I googled, but didn't find anything which helps.

If I understand you correctly you got a signed certificate and you want to use it to sign another certificate. Since I'm pretty sure that you just got a normal certificate you might be able to sign another certificate, but this new certificate will not accepted by anybody. Only CA certificates can be used to successfully sign other certificates.

If this restriction would not be there then anybody could get a certificate for its own site (example.com) and then use it to sign a certificate for some other site like paypal.com. This would be indeed very bad if this would work.