User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 If I visit two pages in the same session, I get an "Invalid certificate ... has same serial number". I think it is limited to sites with a certificate paths, and "the middle certificate" is the same. Reproducible: Always Steps to Reproduce: 1. Visit https://www.seczone.dk/sqmail/src/login.php 2. Visit https://games.tips.dk/ 3. Actual Results: Alert: You have receieved an invalid certificate....Yor certificates contains the same serial number as another... If I close alle instancies of firefox, it is possible to contact the second site, but then access to the first site is blocked. Expected Results: No alert... Tested on several platforms, all PC based hardware though.
This is a dup of bug 204835. See especially comment https://bugzilla.mozilla.org/show_bug.cgi?id=204835#c17 Each of these servers is serving a cert with serial number: 01:00:00:00:00:00:e5:f2:11:81:ee whose subject name is: "OU=TDC Internet Root CA,O=TDC Internet,C=DK" and whose issuer name is: "CN=GlobalSign Partners CA,OU=Partners CA,O=GlobalSign nv-sa,C=BE" Yet the certs with that description are not identical! The encoding of the signature in one of them has been altered. One is the true cert, and one is an alteration. NSS has detected the presence of a second cert with the same issuer and serial number as another already-seen cert, but which is not identical to it, and has reported it to PSM. PSM has reported it to the user. *** This bug has been marked as a duplicate of 204835 ***