Hi, I'm building a simple web tool box and i use a self-signed certificate for HTTP SSL encryption. Furthermore, I'll use client certificate for authentication. If i add an exception for the website, i can't later on install my client certificate (error message: the PKCS #12 operation failed for unknown reasons). If i first add the client certificate, i can't then access the website to add an exception: sec_error_reused_issuer_and_serial Even if i first add the my CA, it doesn't help. Please find below the method i used to create my certificates: #!/bin/bash set -e # Create the CA Key and Certificate for signing Client Certs openssl genrsa -out ca.key 4096 openssl req -new -x509 -days 3650 -key ca.key -out ca.crt # Create the Server Key, CSR, and Certificate openssl genrsa -out server.key 2048 openssl req -new -key server.key -out server.csr # We're self signing our own server cert here. This is a no-no in production. openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt # Create the Client Key and CSR openssl genrsa -out client.key 2048 openssl req -new -key client.key -out client.csr # Sign the client certificate with our CA cert. Unlike signing our own server cert, this is what we want to do. openssl x509 -req -days 3650 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt #Build client PKCS12 openssl pkcs12 -inkey client.key -in client.crt -export -out client.pfx Best Regards,