I can't open a site. Problem is persisting a long time ago and never solved
I can't open a site via https://<ip-address>. How is this possible using one of the most popular browser in the world? In google chrome, edge, internet explorer, safari are working normally. Below the information about the error.
I'm trying to connect to a particular webbrowser tool. So we have two servers installed one is 36 and the other is 37 as the image attached.
Secure Connection Failed
An error occurred during a connection to 10.32.209.36. You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert.
Error code: SEC_ERROR_REUSED_ISSUER_AND_SERIAL
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.
All Replies (20)
- In the Location bar, type about:config and press Enter. The about:config "This might void your warranty!" warning page may appear.
- Click I'll be careful, I promise! to continue to the about:config page.
- copy the next security.ssl.enable_ocsp_stapling and paste it in the search field
- double-click on it to make it false
- close the page, exit firefox and restart it.
probably the problem is the web site, when the problem resolved by the site, go back and switch the setting to true again.
I've done this before and did not help me. The problem is still persisting. The problem is not the website 'cause i can access it using chrome or other browsers.
Thank you, Luiz
Based on the error description, an "exception" might have been saved for this exact certificate before for a different server. You could try deleting the old one. You can check that here:
- Windows: "3-bar" menu button (or Tools menu) > Options
- Mac: "3-bar" menu button (or Firefox menu) > Preferences
- Linux: "3-bar" menu button (or Edit menu) > Preferences
- Any system: type or paste about:preferences into the address bar and press Enter/Return to load it
In the search box at the top of the page, type cert and Firefox should filter to the "Certificates" section where you can click the "View Certificates" button.
Check the Servers mini-tab for any addresses that may have used that certificate and you can remove the exception.
I did it before and the problem is: If i delete the certificates and open one of the sites(X.X.X.36 or X.X.X.37) can access it but the other one i can't. I don't know the reason for that.
Hi Luiz, I guess Firefox doesn't allow exceptions for one certificate for two sites. Do you control the certificates? Maybe you can create a different one for .37. Or is it really the same site with two aliases? In that case, perhaps it can be fixed with a Subject Alternate Name field (not sure if that works for IP addresses).
These servers are different. Because we're using two instances with the same application but differents ip addresses. It can be using the same certificate, but why firefox is not working and others are?
I can't create a different one.
Hi Luiz, there is no official Mozilla phone support. There are private vendors that charge your credit card or want to come into your system, some of which are pure scams. Please be VERY careful when dealing with those guys.
How did you get that number? Was it a private message here?
The phone was posted when i published the question. See the last image i have attached.
Here is the image.
Oh, I didn't see your question until about 2 hours after you posted it, so if someone spammed you with their support number before I joined the thread, I didn't see it. Sorry about that.
There have been two spam replies posted in this thread (currently hidden) offering third-party support and include a phone number.
You should ignore these replies as they are not for official Firefox support.
(I will hide your reply and remove the phone number you posted)
Modified by cor-el
Anyone could help me on that? I'm still facing the issue.
Thank you, Luiz
Modified by polli.luiz
I think you need different certificates between the two servers, or list both servers in the Subject Alt Name field if you can.
How can i do that? If this is the problem in the server side, so, why others browsers are working fine?
Thank you, Luiz Polli
Hi Luiz, I don't know how to issue a certificate for a server you access via IP address. With domains, the Subject Alt Name (SAN) extension lists all the domains for which the certificate is valid.
Firefox is objecting to duplicate serial numbers for different servers more than it used to, but I don't know why that has changed.
I don't know why they changed that.
I like Mozilla a lot, for this reason i cannot use it anymore. Thank you anyway jscher. Really appreciate.
You do have the option to file a new bug and see whether they know of a workaround or can make a change in a future version.
Sure. Good to know about that.
Thank you one more time jscher.
Just to clarify... which one of these are you encountering:
You cannot log into any Google services because you do not get the sliding form to enter your password?
You can log in but Google doesn't redirect you back to the application you requested?
If you are getting a blank page, please make sure the redirect block is turned off:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.
(2) In the search box above the list, type or paste access and pause while the list is filtered
(3) If the accessibility.blockautorefresh preference is bolded and "modified" or "user set" to true, double-click it to restore the default value of false
Thank you for the response. Neither of the options you wrote above were encountered.
The problem here is: I cannot access one of two servers "WITH" same ssl certificate. Firefox do not let me access. Others browsers i can access normally.
Modified by polli.luiz