Where did you install Firefox from? Help Mozilla uncover 3rd party websites that offer problematic Firefox installation by taking part in our campaign. There will be swag, and you'll be featured in our blog if you manage to report at least 10 valid reports!

Avatar for Username

تلاش سپورٹ

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

SEC_ERROR_BAD_SIGNATURE when visiting a site whose CA cert has the same name of another

  • کوئی جواب نہیں
  • 0 میں یہ مسئلہ ہے
  • 1 دیکھیں
Davide Del Grande
Davide Del Grande
more options

Hi.

I have several internal sites, each signed with their own internal CA/subCA. These CAs are all named the same, but have different crypto materials.

If I import just 1 CA into FF (directly or in Windows store with security.enterprise_roots.enabled ), the site with that CA works fine (browser warning is not presented), but ALL those other internal sites give this error:


An error occurred during a connection to 10.1.1.1. Peer’s certificate has an invalid signature. Error code: SEC_ERROR_BAD_SIGNATURE

with no option to add a security exception.

If I add the CA for another site, that one works as well, the others won't. If I remove all the internal CAs, all the sites start working again (with browser warning, ofc.).


I tried in Chrome and Edge and I get the option to create a security exception for the sites for which I did not install their CA, which looks like the ideal/preferrable option to me.


Is this as intended (and why?) or can it be fixed?


This looks somewhat similar to this: https://support.mozilla.org/questions/1170738

Thank you. Davide.

Hi. I have several internal sites, each signed with their own internal CA/subCA. These CAs are all ''' named the same''', but have '''different ''' crypto materials. If I import just 1 CA into FF (directly or in Windows store with security.enterprise_roots.enabled ), the site with that CA works fine (browser warning is not presented), but ALL those other internal sites give this error: ''An error occurred during a connection to 10.1.1.1. Peer’s certificate has an invalid signature. Error code: SEC_ERROR_BAD_SIGNATURE'' with no option to add a security exception. If I add the CA for another site, that one works as well, the others won't. If I remove all the internal CAs, all the sites start working again (with browser warning, ofc.). I tried in Chrome and Edge and I get the option to create a security exception for the sites for which I did not install their CA, which looks like the ideal/preferrable option to me. Is this as intended (and why?) or can it be fixed? This looks somewhat similar to this: [https://support.mozilla.org/questions/1170738 https://support.mozilla.org/questions/1170738] Thank you. Davide.

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.