Guidelines

This site is for tech Q&A. Please keep your posts focused on the subject at hand.

Ask one question at a time. Don't conflate multiple problems into a single question.

Make sure to include all relevant information in your posts. Try to avoid linking to external sites.

Links to documentation are fine, but in addition you should also quote the relevant parts in your posts.

Related questions

Categories

Most popular tags

bash linux question2answer php puppet mysql devuan nginx css powershell array ubuntu puppet-bolt apt jq json ruby grafana docker certbot gitlab cron vim firefox goss ssh font partition lvm openssl dns password datetime postfix logger logging html puppet-provider service-management sync gog steam pod kubernetes laravel keepass vssadmin savegame pentiment prometheus promql minecraft-java pager azure bell fluxbox nfs pip locale python tun-device openvpn mirror hetzner-cloud web-search hiera nag-screen youtube responsive-design systemctl ssh-agent windows cups printer bind request-trace label gpg shared-folder virtualbox sector raid disk environment glue-record nis tcp foreman chroot volume mount powerdns puppetdb fact network-interface systemd network java hash sha256

SEC_ERROR_REUSED_ISSUER_AND_SERIAL error from Firefox

0 votes
260 views
260 views

I have a test environment where I frequently deploy VMs for testing purposes. When trying to access the web interface of such a VM with an IP that had already been used before I'm getting a certificate error from Firefox

SEC_ERROR_REUSED_ISSUER_AND_SERIAL

which cannot be bypassed.

A quick web search yielded the recommendation to delete the certificate and CA from the Firefox certificate store. However, I cannot find the (private) CA certificate in the authorities list, and deleting just the server certificate does not resolve the issue.

in Sysadmin
by (115)
2 18 33
edit history

Please log in or register to answer this question.

1 Answer

0 votes
 

I'm not quite sure why Firefox won't display the CA certificate in the GUI, but you can manually remove it from the file cert9.db in your Firefox profile.

sqlite3 cert9.db "DELETE FROM nssPublic WHERE printf('%s',a3)=='LABEL'"

Replace LABEL with the correct value for the certificate you want to remove (usually the subject of the certificate).

The printf() function is needed because the data is stored as BLOBs and must be converted to a string before it can be compared to the reference string.

If you're uncertain about what label to specify you can list all labels like this:

sqlite3 cert9.db "SELECT a3 FROM nssPublic"
by (115)
2 18 33
edit history
Powered by Question2Answer
...