為了改善您的使用體驗,本網站正在進行維護,部分功能暫時無法使用。若本站的文件無法解決您的問題,想要向社群發問的話,請到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 發問,我們的社群成員將很快會回覆您的疑問。

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

Firefox isn't trusting a replaced user certificate.

  • 4 回覆
  • 1 有這個問題
  • 19 次檢視
  • 最近回覆由 dkeeler

more options

I access one TLS URL that's secured by user certificate. I had no problem importing the .p12 certificate into my profile's user certificate store ("Your Certificates"), and I could access the URL.

On the TLS URL system, for an unrelated reason, I had to generate a new certificate. My task was to remove the user certificate from my profile's certificate store, and replace with the new certificate.

The replacement was perfect: Delete the old certificate, import the new certificate. Enter the cert password, and see the new certificate, with its new serial ID listed in Firefox's certificate store.

When I try to visit the TLS secured URL, Firefox gives "Secure Connection Failed" and "SEC_ERROR_BAD_SIGNATURE". It says "Peer has an invalid signature."

I'm at a loss how to proceed troubleshooting this.

I access one TLS URL that's secured by user certificate. I had no problem importing the .p12 certificate into my profile's user certificate store ("Your Certificates"), and I could access the URL. On the TLS URL system, for an unrelated reason, I had to generate a new certificate. My task was to remove the user certificate from my profile's certificate store, and replace with the new certificate. The replacement was perfect: Delete the old certificate, import the new certificate. Enter the cert password, and see the new certificate, with its new serial ID listed in Firefox's certificate store. When I try to visit the TLS secured URL, Firefox gives "Secure Connection Failed" and "SEC_ERROR_BAD_SIGNATURE". It says "Peer has an invalid signature." I'm at a loss how to proceed troubleshooting this.

所有回覆 (4)

more options

I have not found a solution for this issue. Any help is appreciated.

more options

Does it work if you rename/remove cert9.db (and cert8.db when present) in the profile folder ?

hYou can use the button on the "Help -> Troubleshooting Information" (about:support) page to go to the current Firefox profile folder or use the about:profiles page.

由 cor-el 於 修改

more options

Thank you for your response.

I renamed the cert9.db to cert9.db.old. No cert8.db file was present in the profile directory.

I restarted Firefox completely. No effect. I am still unable to connect to the URL. The error is different: PR_END_OF_FILE_ERROR

由 NDeMarco 於 修改

more options

Did you re-import your client certificate after renaming cert9.db?