Този сайт ще има ограничена функционалност, докато се извършва тече неговата поддръжка. Ако дадена статия не може реши проблема ви и искате да зададете въпрос, нашата общност е готова да ви помогне на @firefox в Twitter и /r/firefox в Reddit.

Търсене в помощните статии

Избягвайте измамите при поддръжката. Никога няма да ви помолим да се обадите или изпратите SMS на телефонен номер или да споделите лична информация. Моля, докладвайте подозрителна активност на "Докладване за злоупотреба".

Научете повече

Site with replaced SSL cert now returns (Error code: sec_error_reused_issuer_and_serial)

  • 3 отговора
  • 6 имат този проблем
  • 6 изгледи
  • Последен отговор от tantobourne

more options

An internal SSL enabled website was previously using a MS Domain CA signed cert. The SSL cert was then replaced with a RapidSSL signed cert for external usage.

Now in FF 10.0.0.2 accessing the site with the new SSL cert returns (Error code: sec_error_reused_issuer_and_serial).

Various troubleshooting methods tried:

1. This cert did not appear in the server certificate list to delete. I opted to remove the MS CA cert and all other related server certs. Also ensured old server cert was marked as revoked and out of service in MS CA Admin. Issue still exists.

2. I ensured the RapidSSL CA certs were installed in FF and valid. Issue still exists.

3. I cleared all FF caches and restarted. Issue still exists.

4. I deleted the cert8.db and cert_override.txt file and restarted FF. Issue still exists.

5. I used the about:config route and set ssl.allow_unrestricted_renego_everywhere_temporary_available_pref to true and restarted. Issue still exists.

5. Confirmed successful site access via IE9 and Chrome 1.7.0 without issue.

Any other tips to try in order to resolve this?

An internal SSL enabled website was previously using a MS Domain CA signed cert. The SSL cert was then replaced with a RapidSSL signed cert for external usage. Now in FF 10.0.0.2 accessing the site with the new SSL cert returns (Error code: sec_error_reused_issuer_and_serial). Various troubleshooting methods tried: 1. This cert did not appear in the server certificate list to delete. I opted to remove the MS CA cert and all other related server certs. Also ensured old server cert was marked as revoked and out of service in MS CA Admin. Issue still exists. 2. I ensured the RapidSSL CA certs were installed in FF and valid. Issue still exists. 3. I cleared all FF caches and restarted. Issue still exists. 4. I deleted the cert8.db and cert_override.txt file and restarted FF. Issue still exists. 5. I used the about:config route and set ssl.allow_unrestricted_renego_everywhere_temporary_available_pref to true and restarted. Issue still exists. 5. Confirmed successful site access via IE9 and Chrome 1.7.0 without issue. Any other tips to try in order to resolve this?

Всички отговори (3)

more options

Maybe inspect the certificate with this extension.

Does that error also happen in other browsers like Google Chrome?

Deleting the cert8.db should have removed all stored intermediate certificates, so you may have a conflict with a build-in root certificate.

more options

Thanks for the reply!

Cert Viewer wasn't of much help since Firefox wouldn't register that the certificate was valid. If I click on the page view-->More information button, where I would expect to see the "View Certificate" option I have no option to click.

>>Google Chrome Yes, accessing this SSL site works fine with Chrome and IE.

>>cer8.db I've renamed this file, went to the extreme of uninstalling Firefox and any remaining program and profile folder items as well.

>>build-in root certificate I pulled up the local cert store on the computer and even ripped out any pertaining or close to pertaining SSL CA certificates and server certificates and this did nothing for me. I'm really puzzled at why this error has to be so Microsoftian and vague with no solution. Speaking of Microsoft, I've resigned myself to using IE & Chrome to view the particular site since the FF browser doesn't want to play with the cert.

>>another extreme For the record I also re-issued the site cert and re-installed it along with any intermediary and root CA certs just to cover my bases.

Cheers, ~Pete