Dealing with reused Serial Numbers for CAs

“An error occurred during a connection to You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert.”

Many years ago I battled this problem and had different solutions. Today, I got one that worked for Firefox on Fedora 32.


The backing store for my default Firefox profile is /home/ayoung/.mozilla/firefox/x4kktanr.default

To see the certificates I have in that store:

$ pwd
$ certutil -L -d . | grep -i younglogic
Certificate Authority - HOME.YOUNGLOGIC.NET                  CT,C,

To delete that last one:

certutil -d . -D -n "Certificate Authority - HOME.YOUNGLOGIC.NET"

Then restart Firefox. It keeps the certificate in some other cache, perhaps in memory, until it is restarted. Note that the file that backs the certificate database is cert9.db. It is a SQLite database with a very unfriendly schema.
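
The listing and delete steps above as one script, added here as an example and not part of the original post. The function names and the second listing row are constructed; review_matches needs certutil and only prints the delete command, so the issuer and serial number can be checked before anything is removed.

```shell
#!/bin/sh
# Added example: helper names and the second listing row are constructed.

# Constructed sample of `certutil -L -d .` output (header plus two rows).
SAMPLE_LISTING='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Certificate Authority - HOME.YOUNGLOGIC.NET                  CT,C,
Example Constructed Root CA                                  C,,
'

# Read a `certutil -L` listing on stdin and print the nicknames that contain
# $1 (case-insensitive), with the trust-flags column stripped.
matching_nicknames() {
    awk -v pat="$1" '
        # Certificate rows end in three comma-separated trust flag groups;
        # the header rows do not, so they are skipped.
        $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            nick = $0
            sub(/[ \t]+[A-Za-z]*,[A-Za-z]*,[A-Za-z]*[ \t]*$/, "", nick)
            if (index(tolower(nick), tolower(pat)) > 0) print nick
        }'
}

# For each matching nickname in database $1, print the certificate dump from
# its Serial Number line through its Issuer line so the issuer/serial clash
# can be confirmed, then print (not run) the delete command.
review_matches() {
    db=$1
    certutil -L -d "$db" | matching_nicknames "$2" | while IFS= read -r nick; do
        printf '== %s\n' "$nick"
        certutil -L -d "$db" -n "$nick" | sed -n '/Serial Number/,/Issuer:/p'
        printf 'certutil -d "%s" -D -n "%s"\n' "$db" "$nick"
    done
}

# Offline demonstration on the constructed listing above.
printf '%s\n' "$SAMPLE_LISTING" | matching_nicknames younglogic
```

With Firefox closed, run `review_matches . younglogic` from the profile directory and execute the printed command only for the entry whose issuer and serial number collide with the certificate being imported.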

