Your certificate contains the same serial number as another certificate issued by the certificate authority.
Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number. (Error code: sec_error_reused_issuer_and_serial)
We manage 10,000's of FortiGate firewalls all over the US and Canada. Constantly we see this issue pop up when we try to manage several of the same models with FireFox. Clearing out the certs and removing files from the computer gets old, very fast. About 90% of the time these days our company has been migrating to Chrome or IE as they do not seem to care about this and just want to be able to access and manage devices without having to deal with FireFox's additional "security" features.
Is there any way we can have an option to bypass this? FireFox has a few necessary features and we cannot remove it just yet, but we are evaluating other options if this is not something that can be worked around in a permanent manner.
All Replies (2)
Is your issue that Firefox raises a security alert when it identifies reused certificate issuer and serial numbers?
Or is Firefox misreading those issuer & serial numbers, and raising a false alert?
Or, are you looking for a way to have Firefox ignore reused certificate issuer and serial numbers?
If you feel that Mozilla security standards in Firefox are too high, and you want to have options to turn off certain features, file a Bug report and explain what you would like to see changed.
https://bugzilla.mozilla.org/
https://developer.mozilla.org/en/Bug_writing_guidelines
FortiGates use a self-signed certificate and it would appear that FireFox will work correctly for a while after the cert database has been removed. After an unknown amount of time we will see "Error code: sec_error_reused_issuer_and_serial" pop up. I'm not sure if it is a false alert or if because of how Fortinet handles the self-signed certificate for HTTPS access of the firewalls, but the issue is easy to duplicate.
If there was a way to bypass this check (IE and Chrome never have this issue), some option or feature to disable, that would be extremely handy.