User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 After we updated our Mail server certificates, mozilla says (when i'm trying to send a mail) that the serial number and issuer name of the new certificate are the same as another certificate, we're already using. Thats not true cause the 2 certs, we're using have a different serial number (one is 00 and the other 01) and Common Name (CN) under 'issued by'. If i accept the certificate only 'temporarly for this session' the mail is sent, but i need to confirm this window/message every time i'm sending a mail. If I accept it 'always', the next time i'm trying to send a mail, the error message appears. I searched Bugzilla and the web, but i found no information related to this problem exept this thread in a newsgroup: http://groups.google.de/groups?hl=de&lr=&ie=UTF-8&oe=UTF- 8&threadm=1058535771.891485%40seven.kulnet.kuleuven.ac.be&rnum=2&prev=/groups% 3Fq%3Dmozilla%2Binvalid%2Bcertificate%2Bcontains%2Bsame%2Bissuer%2Bname%2Band% 2Bserial%26hl%3Dde%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3D1058535771.891485% 2540seven.kulnet.kuleuven.ac.be%26rnum%3D2 ... which don't takes me further. Reproducible: Always Steps to Reproduce: 1.Generate a new Certificate with new expiration date (on mailserver) 2.configure your mail-prog to use 'ssl for secure connection' 3.try to send a mail... Actual Results: An Window with the following error msg appears: You have recieved an ivalid certificate. It contains the same issuer name and serial number as another certificate you are already using. Please contact the server administrator...etc Expected Results: accept the certificate and send the mail
Assignee: general → ssaux
Component: Browser-General → Client Library
Product: Browser → PSM
QA Contact: general → bmartin
Version: Trunk → 2.4
A common cause of this problem is having a serial number the same as that in the CA's self-signed cert. Please attach screenshots of view/general for each server cert and their issuing CAs.
Assignee: ssaux → jgmyers
I confirm this problem. Please, provide a workaround. Something I could do to make Mozilla forget the old certificate and have me ask if I want to accept the new one. Maybe there is a file I can edit or delete? I want to read my emails.
Its always like that. You spend 15-30 minutes to figure out how to fix a problem, then report it. 1 minute (literally) after reporting it, I found how to fix my problem. I searched for a certificate to delete. Turns out that my mail server was considered an authority, where I did not think of searching. When I deleted my mail server from the authority list, I could once again accept the certificate. It would be nice that when the error message pops-up, that it gives you the option to discard the old certificate and accept the new one. It would be simpler to the user. The warning should be bold, so the user can suspect of something fishy going on.
*** This bug has been marked as a duplicate of 219980 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.