This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

SEC_ERROR_BAD_SIGNATURE when visiting a site whose CA cert has the same name of another

  • Akukho zimpendulo
  • 0 zinale nkinga
  • 1 view
Davide Del Grande
Davide Del Grande
more options

Hi.

I have several internal sites, each signed with their own internal CA/subCA. These CAs are all named the same, but have different crypto materials.

If I import just 1 CA into FF (directly or in Windows store with security.enterprise_roots.enabled ), the site with that CA works fine (browser warning is not presented), but ALL those other internal sites give this error:


An error occurred during a connection to 10.1.1.1. Peer’s certificate has an invalid signature. Error code: SEC_ERROR_BAD_SIGNATURE

with no option to add a security exception.

If I add the CA for another site, that one works as well, the others won't. If I remove all the internal CAs, all the sites start working again (with browser warning, ofc.).


I tried in Chrome and Edge and I get the option to create a security exception for the sites for which I did not install their CA, which looks like the ideal/preferrable option to me.


Is this as intended (and why?) or can it be fixed?


This looks somewhat similar to this: https://support.mozilla.org/questions/1170738

Thank you. Davide.

Hi. I have several internal sites, each signed with their own internal CA/subCA. These CAs are all ''' named the same''', but have '''different ''' crypto materials. If I import just 1 CA into FF (directly or in Windows store with security.enterprise_roots.enabled ), the site with that CA works fine (browser warning is not presented), but ALL those other internal sites give this error: ''An error occurred during a connection to 10.1.1.1. Peer’s certificate has an invalid signature. Error code: SEC_ERROR_BAD_SIGNATURE'' with no option to add a security exception. If I add the CA for another site, that one works as well, the others won't. If I remove all the internal CAs, all the sites start working again (with browser warning, ofc.). I tried in Chrome and Edge and I get the option to create a security exception for the sites for which I did not install their CA, which looks like the ideal/preferrable option to me. Is this as intended (and why?) or can it be fixed? This looks somewhat similar to this: [https://support.mozilla.org/questions/1170738 https://support.mozilla.org/questions/1170738] Thank you. Davide.

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.