Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Шукати в статтях підтримки

Остерігайтеся нападів зловмисників. Mozilla ніколи не просить вас зателефонувати, надіслати номер телефону у повідомленні або поділитися з кимось особистими даними. Будь ласка, повідомте про підозрілі дії за допомогою меню “Повідомити про зловживання”

Докладніше

Ця тема перенесена в архів. Якщо вам потрібна допомога, запитайте.

Site with replaced SSL cert now returns (Error code: sec_error_reused_issuer_and_serial)

  • 3 відповіді
  • 6 мають цю проблему
  • 6 переглядів
  • Остання відповідь від tantobourne

more options

An internal SSL enabled website was previously using a MS Domain CA signed cert. The SSL cert was then replaced with a RapidSSL signed cert for external usage.

Now in FF 10.0.0.2 accessing the site with the new SSL cert returns (Error code: sec_error_reused_issuer_and_serial).

Various troubleshooting methods tried:

1. This cert did not appear in the server certificate list to delete. I opted to remove the MS CA cert and all other related server certs. Also ensured old server cert was marked as revoked and out of service in MS CA Admin. Issue still exists.

2. I ensured the RapidSSL CA certs were installed in FF and valid. Issue still exists.

3. I cleared all FF caches and restarted. Issue still exists.

4. I deleted the cert8.db and cert_override.txt file and restarted FF. Issue still exists.

5. I used the about:config route and set ssl.allow_unrestricted_renego_everywhere_temporary_available_pref to true and restarted. Issue still exists.

5. Confirmed successful site access via IE9 and Chrome 1.7.0 without issue.

Any other tips to try in order to resolve this?

An internal SSL enabled website was previously using a MS Domain CA signed cert. The SSL cert was then replaced with a RapidSSL signed cert for external usage. Now in FF 10.0.0.2 accessing the site with the new SSL cert returns (Error code: sec_error_reused_issuer_and_serial). Various troubleshooting methods tried: 1. This cert did not appear in the server certificate list to delete. I opted to remove the MS CA cert and all other related server certs. Also ensured old server cert was marked as revoked and out of service in MS CA Admin. Issue still exists. 2. I ensured the RapidSSL CA certs were installed in FF and valid. Issue still exists. 3. I cleared all FF caches and restarted. Issue still exists. 4. I deleted the cert8.db and cert_override.txt file and restarted FF. Issue still exists. 5. I used the about:config route and set ssl.allow_unrestricted_renego_everywhere_temporary_available_pref to true and restarted. Issue still exists. 5. Confirmed successful site access via IE9 and Chrome 1.7.0 without issue. Any other tips to try in order to resolve this?

Усі відповіді (3)

more options

Maybe inspect the certificate with this extension.

Does that error also happen in other browsers like Google Chrome?

Deleting the cert8.db should have removed all stored intermediate certificates, so you may have a conflict with a build-in root certificate.

more options

Thanks for the reply!

Cert Viewer wasn't of much help since Firefox wouldn't register that the certificate was valid. If I click on the page view-->More information button, where I would expect to see the "View Certificate" option I have no option to click.

>>Google Chrome Yes, accessing this SSL site works fine with Chrome and IE.

>>cer8.db I've renamed this file, went to the extreme of uninstalling Firefox and any remaining program and profile folder items as well.

>>build-in root certificate I pulled up the local cert store on the computer and even ripped out any pertaining or close to pertaining SSL CA certificates and server certificates and this did nothing for me. I'm really puzzled at why this error has to be so Microsoftian and vague with no solution. Speaking of Microsoft, I've resigned myself to using IE & Chrome to view the particular site since the FF browser doesn't want to play with the cert.

>>another extreme For the record I also re-issued the site cert and re-installed it along with any intermediary and root CA certs just to cover my bases.

Cheers, ~Pete