FireFox issues error sec_error_reused_issuer_and_serial

14 Sep

One of the things I hate about Firefox is that when you have internal certificates, like those issued by HP Integrated Lights-Out’s (iLO) web page, you have to confirm to download the cert and add it to your cert store. There is no one-click solution to this as yet, and I cannot disable this in Firefox even if I only intend to use it in an intranet environment.

More troublesome is when I update the firmware in my iLO and a new certificate is generated as a result. When you then try to launch the web page for iLO access again, you will encounter the following error.

Error code: sec_error_reused_issuer_and_serial

It took me a while to figure it out from googling, but the solution is simply to delete the cert8.db from your Firefox profile, usually found in C:\Documents and Settings\<yourname>\Application Data\Mozilla\Firefox\Profiles\<yourprofile>. Easier still, just search for cert8.db on your computer and delete that file.

Oh… you need to close Firefox first.


Posted by on September 14, 2009 in General
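
Why the error appears at all: Firefox's certificate library (NSS) identifies a certificate by its issuer name plus serial number, so a device that regenerates its self-signed certificate with the same name and serial collides with the copy already stored in cert8.db. The sketch below is an added example, not code from this post or from Mozilla; `cert_key`, `find_reuse`, the host name and the sample skeletons are hypothetical and constructed for illustration.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def cert_key(der):
    """Return (issuer Name bytes, serial number) of a DER X.509 certificate."""
    _, cert, _ = read_tlv(der, 0)        # Certificate SEQUENCE
    _, tbs, _ = read_tlv(cert, 0)        # TBSCertificate SEQUENCE
    tag, val, pos = read_tlv(tbs, 0)
    if tag == 0xA0:                      # optional [0] EXPLICIT version
        tag, val, pos = read_tlv(tbs, pos)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    _, _, pos = read_tlv(tbs, pos)       # skip signature AlgorithmIdentifier
    _, _, end = read_tlv(tbs, pos)       # issuer Name
    return tbs[pos:end], int.from_bytes(val, "big")

def find_reuse(stored, presented):
    """Stored certs with the presented cert's issuer+serial but different bytes."""
    key, fp = cert_key(presented), hashlib.sha256(presented).digest()
    return [c for c in stored
            if cert_key(c) == key and hashlib.sha256(c).digest() != fp]

# --- constructed sample data: unsigned skeletons, not real certificates ---
def tlv(tag, body):
    assert len(body) < 128               # short-form lengths suffice here
    return bytes([tag, len(body)]) + body

def skeleton(cn, serial, pubkey):
    """Only the fields cert_key reads are laid out as in a real certificate."""
    name = tlv(0x30, tlv(0x31, tlv(0x30,
               tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
              + tlv(0x30, b"") + name + tlv(0x04, pubkey))
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))

OLD = skeleton("ilo.example.internal", 1, b"key-before-firmware-update")
NEW = skeleton("ilo.example.internal", 1, b"key-after-firmware-update")
OTHER = skeleton("ilo.example.internal", 2, b"key-after-firmware-update")

if __name__ == "__main__":
    print("collision with stored cert:", bool(find_reuse([OLD], NEW)))    # True
    print("different serial collides:", bool(find_reuse([OLD], OTHER)))   # False
```

`cert_key` also accepts the DER bytes of a real certificate, so the same check can be run against a device's old and new certificates exported to files.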


24 responses to “FireFox issues error sec_error_reused_issuer_and_serial”

  1. Kirk M. Schafer

    January 1, 2010 at 11:41 pm

    I encountered this article with respect to HP network printers causing this problem and…while not perfectly congruent, would like to offer that rather than deleting a certificate store file outright, it may be preferable to use Firefox’s interface for certificate management, at:

    Tools | Options | Advanced | Encryption | [View Certificates] | Servers

    Then, it’s simply necessary to locate the applicable certificate (occasionally identified by an IP address), and [Delete] it. This resolved the issue on our networks, and it may be the preferred method to keep the Firefox user profile intact…as well as not purge certificates you might desire to keep. Some writeups recommend [Add Exception] immediately following, but this appears to malfunction in FF’s 3.5.x line, and resolution seems to require revisiting the page in the browser.

    Perhaps when some of the emerging free root CA’s succeed for their approval in FF, HP and other companies can use those instead of using self-signed certs that mitigate the annual-subscription-cost-per-device issue that otherwise exists.

    • saltwetfish

      January 4, 2010 at 1:49 am

      Hey Kirk,

      Thanks for the recommendation!

  2. Nagaraj

    May 30, 2010 at 11:49 am

    If the error is

    Error code: sec_error_reused_issuer_and_serial

    Deleting the sert8.db is the right way and the best way.

    Thanks mate

  3. Nagaraj

    May 30, 2010 at 11:50 am

    sorry the file to delete is cert8.db

  4. Magnus

    October 6, 2010 at 8:19 am

    Deleting the cert8.db didn’t work for me.. still can’t enter some sites such as facebook and my hotmail.

    • saltwetfish

      October 9, 2010 at 4:01 am


      Something else looks wrong with your FF if this doesn’t work…have you tried alternative browsers to see if you can get going?

  5. P

    March 9, 2011 at 8:45 pm

    Thanks for that, saved me from constantly resorting back to IE8 whenever I had to login certain site!

  6. alwayslurking

    April 26, 2011 at 3:25 pm

    Since this is top hit for this error on google, I thought I’d add this link, which adds the all-important second step of deleting the self-certifying authority as well as the certificate if you want to be more surgical than just deleting the whole cert8.db file:


  7. DBdata

    June 2, 2011 at 11:03 pm

    It is FRIGHTENING how patronizing Mozilla is becoming. And let’s not forget paranoid. A “valid” SSL certificate means that Verisign swears and attests to the fact that my check has cleared their bank and nothing more.

    Firefox needs, on the “advanced” set-up page, a checkbox that states “I know more about how I want to use my computer than you do, so please just do what I ask and stop trying to save me from things”

    • Frank Waller

      July 31, 2014 at 7:14 am

      I would even go so far as giving it an option to IGNORE any SSL errors on specified internal networks… because even so it might be a good idea to prevent access to some self signed ssl or java code running on a North Korean server (just picked to signify universal evil) BUT as an IT administrator I am constantly blocked out from valuable older tools within my OWN NETWORK!!! I don’t want to see any bloody warning about that as well… even less being blocked from using tools that are working fine but are just not signed to the latest paranoid fashion…
      We need a @Seriously ACCEPT ALL FROM this SOURCE and SKIP all OTHER STUPID TESTS!!!

  8. VigRoco

    October 11, 2011 at 2:42 pm

    Thanks! Worked like a charm.

  9. Cesare

    January 18, 2012 at 10:55 pm

    A big thank you from Italy!
    Problem solved in few seconds.

  10. Scott

    March 28, 2012 at 7:16 am

    This also applies to Dell iDRAC

  11. ForeverDisappointed

    July 15, 2012 at 5:12 am

    Echoing alwayslurking above, it’s probably best to follow this advice from first:

    Of course, it may not help if you’re working on a router and the router IS NOT LISTED IN THE SERVERS TAB for certificates. Thanks mozilla. 😦

    • Kelvin Wong

      July 15, 2012 at 11:57 pm

      Well so far I have only encountered this problem with Firefox but not IE…so I think FF should really solve this issue

    • imbezol

      April 2, 2013 at 7:02 am

      FF doesn’t even tell you which server cert is problematic, nevermind providing a button to remove it.

  12. mohamed ali

    September 15, 2012 at 6:41 pm

    I can’t find the file cert8.db

    • Kelvin Wong

      September 18, 2012 at 10:30 am

      What version of FF are you using? If it’s not there, then it could be another issue, not this.

  13. iskander

    September 29, 2012 at 4:11 am

    Thank you Kelvin, I have had this problem for a few days and I don’t know how it is resolved, but each boot it comes back! So I have found the file you speak of (cert8…), and at the next reboot I will delete it. I think this problem will be definitely solved, I hope!
    Anyway, thank you dude!

  14. Imrul Kayes

    November 8, 2014 at 9:11 pm

    I use 33.0.3 of Firefox. I deleted cert8.db, but I still cannot access gmail because of error sec_error_reused_issuer_and_serial

  15. Almir Dz

    April 10, 2015 at 3:24 am

    Thank you!

