Where did you install Firefox from? Help Mozilla uncover 3rd party websites that offer problematic Firefox installation by taking part in our campaign. There will be swag, and you'll be featured in our blog if you manage to report at least 10 valid reports!

Avatar for Username

Pesquisar no apoio

Evite burlas no apoio. Nunca iremos solicitar que telefone ou envie uma mensagem de texto para um número de telefone ou que partilhe informações pessoais. Por favor, reporte atividades suspeitas utilizando a opção "Reportar abuso".

Learn More

SEC_ERROR_BAD_SIGNATURE when visiting a site whose CA cert has the same name of another

  • Nenhuma resposta
  • 0 têm este problema
  • 1 visualização
Davide Del Grande
Davide Del Grande
more options

Hi.

I have several internal sites, each signed with their own internal CA/subCA. These CAs are all named the same, but have different crypto materials.

If I import just 1 CA into FF (directly or in Windows store with security.enterprise_roots.enabled ), the site with that CA works fine (browser warning is not presented), but ALL those other internal sites give this error:


An error occurred during a connection to 10.1.1.1. Peer’s certificate has an invalid signature. Error code: SEC_ERROR_BAD_SIGNATURE

with no option to add a security exception.

If I add the CA for another site, that one works as well, the others won't. If I remove all the internal CAs, all the sites start working again (with browser warning, ofc.).


I tried in Chrome and Edge and I get the option to create a security exception for the sites for which I did not install their CA, which looks like the ideal/preferrable option to me.


Is this as intended (and why?) or can it be fixed?


This looks somewhat similar to this: https://support.mozilla.org/questions/1170738

Thank you. Davide.

Hi. I have several internal sites, each signed with their own internal CA/subCA. These CAs are all ''' named the same''', but have '''different ''' crypto materials. If I import just 1 CA into FF (directly or in Windows store with security.enterprise_roots.enabled ), the site with that CA works fine (browser warning is not presented), but ALL those other internal sites give this error: ''An error occurred during a connection to 10.1.1.1. Peer’s certificate has an invalid signature. Error code: SEC_ERROR_BAD_SIGNATURE'' with no option to add a security exception. If I add the CA for another site, that one works as well, the others won't. If I remove all the internal CAs, all the sites start working again (with browser warning, ofc.). I tried in Chrome and Edge and I get the option to create a security exception for the sites for which I did not install their CA, which looks like the ideal/preferrable option to me. Is this as intended (and why?) or can it be fixed? This looks somewhat similar to this: [https://support.mozilla.org/questions/1170738 https://support.mozilla.org/questions/1170738] Thank you. Davide.

Deve iniciar a sessão com a sua conta para responder às mensagens. Por favor, comece uma nova pergunta, se ainda não tiver uma conta.