Where did you install Firefox from? Help Mozilla uncover 3rd party websites that offer problematic Firefox installation by taking part in our campaign. There will be swag, and you'll be featured in our blog if you manage to report at least 10 valid reports!

Avatar for Username

Kërkoni te Asistenca

Shmangni karremëzime gjoja asistence. S’do t’ju kërkojmë kurrë të bëni një thirrje apo të dërgoni tekst te një numër telefoni, apo të na jepni të dhëna personale. Ju lutemi, raportoni veprimtari të dyshimtë duke përdorur mundësinë “Raportoni Abuzim”.

Learn More

SEC_ERROR_BAD_SIGNATURE when visiting a site whose CA cert has the same name of another

  • Pa përgjigje
  • 0 e kanë hasur këtë problem
  • 1 parje
Davide Del Grande
Davide Del Grande
more options

Hi.

I have several internal sites, each signed with their own internal CA/subCA. These CAs are all named the same, but have different crypto materials.

If I import just 1 CA into FF (directly or in Windows store with security.enterprise_roots.enabled ), the site with that CA works fine (browser warning is not presented), but ALL those other internal sites give this error:


An error occurred during a connection to 10.1.1.1. Peer’s certificate has an invalid signature. Error code: SEC_ERROR_BAD_SIGNATURE

with no option to add a security exception.

If I add the CA for another site, that one works as well, the others won't. If I remove all the internal CAs, all the sites start working again (with browser warning, ofc.).


I tried in Chrome and Edge and I get the option to create a security exception for the sites for which I did not install their CA, which looks like the ideal/preferrable option to me.


Is this as intended (and why?) or can it be fixed?


This looks somewhat similar to this: https://support.mozilla.org/questions/1170738

Thank you. Davide.

Hi. I have several internal sites, each signed with their own internal CA/subCA. These CAs are all ''' named the same''', but have '''different ''' crypto materials. If I import just 1 CA into FF (directly or in Windows store with security.enterprise_roots.enabled ), the site with that CA works fine (browser warning is not presented), but ALL those other internal sites give this error: ''An error occurred during a connection to 10.1.1.1. Peer’s certificate has an invalid signature. Error code: SEC_ERROR_BAD_SIGNATURE'' with no option to add a security exception. If I add the CA for another site, that one works as well, the others won't. If I remove all the internal CAs, all the sites start working again (with browser warning, ofc.). I tried in Chrome and Edge and I get the option to create a security exception for the sites for which I did not install their CA, which looks like the ideal/preferrable option to me. Is this as intended (and why?) or can it be fixed? This looks somewhat similar to this: [https://support.mozilla.org/questions/1170738 https://support.mozilla.org/questions/1170738] Thank you. Davide.

Duhet të bëni hyrjen te llogaria juaj që t’i përgjigjeni postimeve. Ju lutemi, filloni me një pyetje të re, nëse nuk keni ende një llogari.