This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Site with replaced SSL cert now returns (Error code: sec_error_reused_issuer_and_serial)

more options

An internal SSL enabled website was previously using a MS Domain CA signed cert. The SSL cert was then replaced with a RapidSSL signed cert for external usage.

Now in FF 10.0.0.2 accessing the site with the new SSL cert returns (Error code: sec_error_reused_issuer_and_serial).

Various troubleshooting methods tried:

1. This cert did not appear in the server certificate list to delete. I opted to remove the MS CA cert and all other related server certs. Also ensured old server cert was marked as revoked and out of service in MS CA Admin. Issue still exists.

2. I ensured the RapidSSL CA certs were installed in FF and valid. Issue still exists.

3. I cleared all FF caches and restarted. Issue still exists.

4. I deleted the cert8.db and cert_override.txt file and restarted FF. Issue still exists.

5. I used the about:config route and set ssl.allow_unrestricted_renego_everywhere_temporary_available_pref to true and restarted. Issue still exists.

5. Confirmed successful site access via IE9 and Chrome 1.7.0 without issue.

Any other tips to try in order to resolve this?

An internal SSL enabled website was previously using a MS Domain CA signed cert. The SSL cert was then replaced with a RapidSSL signed cert for external usage. Now in FF 10.0.0.2 accessing the site with the new SSL cert returns (Error code: sec_error_reused_issuer_and_serial). Various troubleshooting methods tried: 1. This cert did not appear in the server certificate list to delete. I opted to remove the MS CA cert and all other related server certs. Also ensured old server cert was marked as revoked and out of service in MS CA Admin. Issue still exists. 2. I ensured the RapidSSL CA certs were installed in FF and valid. Issue still exists. 3. I cleared all FF caches and restarted. Issue still exists. 4. I deleted the cert8.db and cert_override.txt file and restarted FF. Issue still exists. 5. I used the about:config route and set ssl.allow_unrestricted_renego_everywhere_temporary_available_pref to true and restarted. Issue still exists. 5. Confirmed successful site access via IE9 and Chrome 1.7.0 without issue. Any other tips to try in order to resolve this?

All Replies (3)

more options

No solution 4 U!

more options

Maybe inspect the certificate with this extension.

Does that error also happen in other browsers like Google Chrome?

Deleting the cert8.db should have removed all stored intermediate certificates, so you may have a conflict with a build-in root certificate.

more options

Thanks for the reply!

Cert Viewer wasn't of much help since Firefox wouldn't register that the certificate was valid. If I click on the page view-->More information button, where I would expect to see the "View Certificate" option I have no option to click.

>>Google Chrome Yes, accessing this SSL site works fine with Chrome and IE.

>>cer8.db I've renamed this file, went to the extreme of uninstalling Firefox and any remaining program and profile folder items as well.

>>build-in root certificate I pulled up the local cert store on the computer and even ripped out any pertaining or close to pertaining SSL CA certificates and server certificates and this did nothing for me. I'm really puzzled at why this error has to be so Microsoftian and vague with no solution. Speaking of Microsoft, I've resigned myself to using IE & Chrome to view the particular site since the FF browser doesn't want to play with the cert.

>>another extreme For the record I also re-issued the site cert and re-installed it along with any intermediary and root CA certs just to cover my bases.

Cheers, ~Pete