Since Firefox 67.0.1, Google and some other websites can't be access if a proxy is performing HTTPS decryption
Firefox is showing this error : SEC_ERROR_REUSED_ISSUER_AND_SERIAL
The proxy is performing https decryption based on a crafted rootCA that is distributed through GPO (Windows AD environment.) and firerefox configured to trust enterprise roots CAs (security.enterprise_roots.enabled;true) All worked fine before Firefox 67.0.1 Now, some websites are still working but some are not, including Google and Mozilla's sites. Chrome is working fine with both of those websites. Proxy used is Trendicro Interscan Web security virtual appliance 6.5 sp2 fully patched.
All Replies (3)
There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connection certificates and send their own.
https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can
https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites
https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message
https://support.mozilla.org/en-US/kb/connection-untrusted-error-message
Websites don't load - troubleshoot and fix error messages
http://kb.mozillazine.org/Error_loading_websites
What do the security warning codes mean
SEC_ERROR_REUSED_ISSUER_AND_SERIAL
https://www.bing.com/search?q=sec_error_reused_issuer_and_serial
Separate Security Issue: Update your Flash Player or remove it using these links; Uninstall Flash Player | Windows {web link} Uninstall Flash Player | Mac {web link}
Note: Windows users should download the ActiveX for Internet Explorer. and the plugin for Plugin-based browsers (like Firefox).
Note: Windows 8 and Windows 10 have built-in flash players and Adobe will cause a conflict. Install the plugin only. Not the ActiveX.
Flash Player Version 32.0.0171
https://get.adobe.com/flashplayer/ Direct link scans current system and browser Note: Other software is offered in the download. <Windows Only>
https://get.adobe.com/flashplayer/otherversions/ Step 1: Select Operating System Step 2: Select A Version (Firefox, Win IE . . . .) Note: Other software is offered in the download. <Windows Only> +++++++++++++++++++ See if there are updates for your graphics drivers https://support.mozilla.org/en-US/kb/upgrade-graphics-drivers-use-hardware-acceleration
KB are not directly related to my issue. Environnment is enterprise network using and HTTP proxy that needs to perfomr HTTPS decryption.
This is not something we want to workaround.
TLS connexion were handled finely for a long time, and with the last version, on some particular websites, like google.com or mozilla.org, this doesn'twork anymore.