It must be due to removed "subject common name" fallback support from certificate validation. This fallback mode was previously enabled only for manually installed certificates. The CA Browser Forum Baseline Requirements have required the presence of the "subjectAltName" extension since 2012, and use of the subject common name was deprecated in RFC 2818.

Firefox from 101.0 onward no longer use certificate CN (Common Name) for matching domain name to certificate and have migrated to only using SAN (Subject Alternate Name) so if you self sign for internal devices you’ll need to regenerate.

So I added the SAN to the newly generated cert because as you mentioned since the SAN is now required. However, now it comes back with Error code: "SEC_ERROR_UNKNOWN_ISSUER." What's weird is both Edge and Chrome were complaining about the cert prior to adding the SAN. Once it was added, Edge and Chrome stopped complaining, but Firefox is still throwing errors.

I think the second issue was due to a corrupted Firefox profile. I completely removed Firefox, rebooted, reinstalled 101.1, and then synced my accounts and all appears to be good now since adding the SAN. Thanks again for the reminder about the SAN requirement.

Note that it might have been sufficient to rename/remove cert9.db in the Firefox profile folder to cleanup the certificate storage.

• https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data

Thanks for the tip, that makes sense seeing the issue after generating the new cert with SAN. Definitely going in my OneNote!