Firefox "invalid certificate" error for a trusted website (sec_error_reused_issuer_and_serial)

24
2014-04
  • hpy

    I am connecting to a website (via Firefox 6.0.2 on Mac OS X 10.6.8) I know is legitimate, and the connection worked up till yesterday. However, when I connected today I got the following error:

    An error occurred during a connection to www.windowslinuxosx.com.

    You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information:

    Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number.

    (Error code: sec_error_reused_issuer_and_serial)

    Is there a way to fix this?

  • Answers
  • Ram

    If it's a public CA it is likely an operational error which they would very much want to know about. If it's a private CA or cert then the signer should re-sign it with a new serial number to get rid of the error (bad form to reuse a serial number... unless you are willing to revoke all certs with that # at the same time). You could download the cert (use openssl as an SSL client and have it save the certificate for you) and then explicitly add the certificate to the FF root store marked as trusted (http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html) but that might not do the trick depending on where NSS is catching the problem. In any case the right action is fixing (re-issuing) the certificate.
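
An added example, not part of the answer above and not NSS code: the error quoted in the question describes two different certificates that carry the same issuer name and serial number. This Python code extracts both fields from DER certificates (for instance ones saved with openssl as the answer suggests) and reports such collisions; `find_reused` and `toy_cert` are hypothetical names, and `toy_cert` builds constructed, unsigned certificate skeletons that serve only as sample input.

```python
import hashlib
from collections import defaultdict

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def issuer_and_serial(der):
    """Return (raw issuer Name bytes, serial number) of a DER certificate."""
    tag, cert_start, _ = read_tlv(der, 0)         # Certificate ::= SEQUENCE
    tag2, pos, _ = read_tlv(der, cert_start)      # tbsCertificate ::= SEQUENCE
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not an X.509 certificate")
    tag, start, end = read_tlv(der, pos)
    if tag == 0xA0:                               # optional [0] EXPLICIT version
        tag, start, end = read_tlv(der, end)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER expected")
    serial = int.from_bytes(der[start:end], "big", signed=True)
    _, _, issuer_pos = read_tlv(der, end)         # skip signature AlgorithmIdentifier
    _, _, issuer_end = read_tlv(der, issuer_pos)  # issuer Name, kept with its header
    return der[issuer_pos:issuer_end], serial

def find_reused(certs):
    """Map (issuer, serial) -> names of *different* certs sharing that pair."""
    seen = defaultdict(dict)
    for name, der in certs.items():  # identical copies of one cert are not a conflict
        seen[issuer_and_serial(der)].setdefault(hashlib.sha256(der).digest(), name)
    return {k: sorted(v.values()) for k, v in seen.items() if len(v) > 1}

# Constructed sample input: minimal DER skeletons, not real signed certificates.
def tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length, body under 128 bytes

def toy_cert(issuer_cn, serial, subject_cn):
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30,
        tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))))  # CN only
    alg = tlv(0x30, tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b") + tlv(0x05, b""))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, serial.to_bytes(2, "big"))
              + alg + name(issuer_cn) + name(subject_cn))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))

if __name__ == "__main__":
    certs = {"a": toy_cert("Demo CA", 0x1234, "a.example"),
             "b": toy_cert("Demo CA", 0x1234, "b.example")}
    print(find_reused(certs))
```

A certificate saved in PEM form can be converted with `ssl.PEM_cert_to_DER_cert` from the Python standard library before it is passed to `issuer_and_serial`.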

  • JRobert

    It worked before you upgraded Firefox, right? Firefox 6.0.2 was released specifically to address the DigiNotar certificate authority breach by removing suspect CAs from the list of trusted signers. Is your site's certificate one of those?


  • Related Question

    Verify Security Certificate from AusCert
  • portoalet

    I have my security digital certificate for https signed by AusCert.
    Given AusCert certificate and my security certificate, is there a tool to test whether it's a valid certificate or not (other than using a web browser)?


  • Related Answers
  • Josh K

    There are web-based solutions, but your best bet is to use a web browser.