SEC_ERROR_BAD_SIGNATURE when visiting a site whose CA cert has the same name of another
Hi. I have several internal sites, each signed with their own internal CA/subCA. These CAs are all named the same, but have different crypto materials. If I import ju… (läs mer)
Hi.
I have several internal sites, each signed with their own internal CA/subCA. These CAs are all named the same, but have different crypto materials.
If I import just 1 CA into FF (directly or in Windows store with security.enterprise_roots.enabled ), the site with that CA works fine (browser warning is not presented), but ALL those other internal sites give this error:
An error occurred during a connection to 10.1.1.1. Peer’s certificate has an invalid signature.
Error code: SEC_ERROR_BAD_SIGNATURE
with no option to add a security exception.
If I add the CA for another site, that one works as well, the others won't. If I remove all the internal CAs, all the sites start working again (with browser warning, ofc.).
I tried in Chrome and Edge and I get the option to create a security exception for the sites for which I did not install their CA, which looks like the ideal/preferrable option to me.
Is this as intended (and why?) or can it be fixed?
This looks somewhat similar to this: https://support.mozilla.org/questions/1170738
Thank you. Davide.