Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Self Signed certificate issues

  • 5 replies
  • 1 has this problem
  • 27 views
  • Last reply by alexnasseh

more options

I have been using Firefox for years now, but since an update a couple of months back, when I deploy a new internal site I receive an error stating that the "Secure Connection Failed" because of "Error code: SEC_ERROR_REUSED_ISSUER_AND_SERIAL". There is a official workaround explaining how to bypass this issue, however it doesn't work. I have tested the same sites with Chrome, Edge, IE and it always works why is Firefox suddenly not working? Below are images of my local lab replicating the issue.

Attached screenshots

Chosen solution

Try to rename the cert9.db file (cert9OLD.db) and remove the previously used cert8.db file in the Firefox profile folder with Firefox closed to remove intermediate certificates and exceptions that Firefox has cached.

If this has helped to solve the problem then you can remove the renamed cert9OLD.db file. Otherwise you can undo the rename and restore cert9.db.

You can use the button on the "Help -> More Troubleshooting Information" (about:support) page to go to the current Firefox profile folder or use the about:profiles page.

Read this answer in context 👍 1

All Replies (5)

more options

Perhaps you saved an earlier certificate with the same "serial number" (not sure what number that is). Can you check here:

  • Windows: "3-bar" menu button (or Tools menu) > Options
  • Mac: "3-bar" menu button (or Firefox menu) > Preferences
  • Linux: "3-bar" menu button (or Edit menu) > Preferences
  • Any system: type or paste about:preferences into the address bar and press Enter/Return to load it

In the search box at the top of the page, type cert and Firefox should filter to the "Certificates" section. Click the "View Certificates" button.

Change to the "Servers" list. Do you have an older certificate for this server here? If so, select and Delete it and see whether that allows saving a new exception.

Helpful?

more options

Hi jscher2000, Thank you for your answer. This is exactly what the official workaround explains to do. I did that but still can't load the page. This is not the only site that has this issue and per what I saw a lot of people is suffering with the same issue. The link for the workaround is the following.

https://support.mozilla.org/en-US/kb/Certificate-contains-the-same-serial-number-as-another-certificate?s=sec_error_reused_issuer_and_serial&as=s&redirectslug=Certificate+contains+the+same+serial+number+as+another+certificate&redirectlocale=en-US

Helpful?

more options

Hmm, I don't know what other circumstances could cause that error. If Firefox hasn't saved/cached the cert before, it shouldn't be able to determine that it is has a duplicate serial number. Unless there is a glitch in the error description and it's actually something else.

You could file a bug and see whether the developers have a different diagnostic to get a better understanding of the problem: https://bugzilla.mozilla.org/

Okay, one other thought since the error screen refers to importing a certificate when you are just trying to load a URL:

Could Firefox be dynamically importing certificates from the system certificate store? That would occur if you have the security.enterprise_roots.enabled preference enabled. You could try disabling it as a test:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.

(2) In the search box in the page, type or paste security.enterprise_roots.enabled and pause while the list is filtered

(3) If the preference is bolded and has a value of true, double-click it to restore the default value of false

Helpful?

more options

Chosen Solution

Try to rename the cert9.db file (cert9OLD.db) and remove the previously used cert8.db file in the Firefox profile folder with Firefox closed to remove intermediate certificates and exceptions that Firefox has cached.

If this has helped to solve the problem then you can remove the renamed cert9OLD.db file. Otherwise you can undo the rename and restore cert9.db.

You can use the button on the "Help -> More Troubleshooting Information" (about:support) page to go to the current Firefox profile folder or use the about:profiles page.

Helpful?

more options

Thank you for your reply cor-el, after renaming the cert9.db file to cert9OLD.db I am able to open the page. It is showed as "not Secure" but it is opening. I also was able to load the other sites that were not working, but they are all marked as not secure because my home CA was removed. After importing back the CA and reloading Firefox the sites are all loading and marked as secure. Thank you so much for you help on getting this resolved.

Helpful?

Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.