After mozilla wont accept the new certificates error msg: "You have recieved an Invalid certificate - issuer name and serial are same as another cert. you are already using"

RESOLVED DUPLICATE of bug 219980

Status

--
major
RESOLVED DUPLICATE of bug 219980
16 years ago
2 years ago

People

(Reporter: Thomas.Baumann, Assigned: jgmyers)

Tracking

1.0 Branch
x86
Windows XP

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

16 years ago
User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624

After we updated our Mail server certificates, mozilla says (when i'm trying to 
send a mail) that the serial number and issuer name of the new certificate are 
the same as another certificate, we're already using.
Thats not true cause the 2 certs, we're using have a different serial number 
(one is 00 and the other 01) and Common Name (CN) under 'issued by'.
If i accept the certificate only 'temporarly for this session' the mail is 
sent, but i need to confirm this window/message every time i'm sending a mail.
If I accept it 'always', the next time i'm trying to send a mail, the error 
message appears.
I searched Bugzilla and the web, but i found no information related to this 
problem exept this thread in a newsgroup:
http://groups.google.de/groups?hl=de&lr=&ie=UTF-8&oe=UTF-
8&threadm=1058535771.891485%40seven.kulnet.kuleuven.ac.be&rnum=2&prev=/groups%
3Fq%3Dmozilla%2Binvalid%2Bcertificate%2Bcontains%2Bsame%2Bissuer%2Bname%2Band%
2Bserial%26hl%3Dde%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3D1058535771.891485%
2540seven.kulnet.kuleuven.ac.be%26rnum%3D2

... which don't takes me further.

Reproducible: Always

Steps to Reproduce:
1.Generate a new Certificate with new expiration date (on mailserver)
2.configure your mail-prog to use 'ssl for secure connection'
3.try to send a mail...

Actual Results:  
An Window with the following error msg appears:
You have recieved an ivalid certificate.
It contains the same issuer name and serial number as
another certificate you are already using.
Please contact the server administrator...etc

Expected Results:  
accept the certificate and send the mail
Not browser...
Assignee: general → ssaux
Component: Browser-General → Client Library
Product: Browser → PSM
QA Contact: general → bmartin
Version: Trunk → 2.4
(Assignee)

Comment 2

15 years ago
A common cause of this problem is having a serial number the same as that in the
CA's self-signed cert.

Please attach screenshots of view/general for each server cert and their issuing
CAs.
Assignee: ssaux → jgmyers

Comment 3

15 years ago
I confirm this problem.  Please, provide a workaround.  Something I could do to
make Mozilla forget the old certificate and have me ask if I want to accept the
new one.  Maybe there is a file I can edit or delete?  I want to read my emails.

Comment 4

15 years ago
Its always like that.  You spend 15-30 minutes to figure out how to fix a
problem, then report it.  1 minute (literally) after reporting it, I found how
to fix my problem.

I searched for a certificate to delete.  Turns out that my mail server was
considered an authority, where I did not think of searching.  When I deleted my
mail server from the authority list, I could once again accept the certificate.

It would be nice that when the error message pops-up, that it gives you the
option to discard the old certificate and accept the new one.  It would be
simpler to the user.  The warning should be bold, so the user can suspect of
something fishy going on.
(Assignee)

Comment 5

15 years ago

*** This bug has been marked as a duplicate of 219980 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → DUPLICATE

Updated

14 years ago
Component: Security: UI → Security: UI
Product: PSM → Core

Updated

11 years ago
Version: psm2.4 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.