https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-fails-sec-error-reused-issuer-and-serial/m-p/33813#M24809 <HTML><HEAD></HEAD><BODY><P>In the newest PA-OS 3.1.2 seems to be a problem with the Proxy-Certificate.</P><P>If browsing with Firefox, you get "Errocode: sec_error_reused_issuer_and_serial" on all HTTPS-Sites, if you have implented the proxy certificate in the certificat store (and if not, you can surf without problems after click on "ignore security warning"). With Opera, SSL-Connections fails with a "white window", whether you have installed the proxy certificate in the browser certificate store or not.</P></BODY></HTML> Wed, 02 Jun 2010 10:54:42 GMT mhuels 2010-06-02T10:54:42Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-fails-sec-error-reused-issuer-and-serial/m-p/33813#M24809 <HTML><HEAD></HEAD><BODY><P>In the newest PA-OS 3.1.2 seems to be a problem with the Proxy-Certificate.</P><P>If browsing with Firefox, you get "Errocode: sec_error_reused_issuer_and_serial" on all HTTPS-Sites, if you have implented the proxy certificate in the certificat store (and if not, you can surf without problems after click on "ignore security warning"). With Opera, SSL-Connections fails with a "white window", whether you have installed the proxy certificate in the browser certificate store or not.</P></BODY></HTML> Wed, 02 Jun 2010 10:54:42 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-fails-sec-error-reused-issuer-and-serial/m-p/33813#M24809 mhuels 2010-06-02T10:54:42Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-fails-sec-error-reused-issuer-and-serial/m-p/33814#M24810 <HTML><HEAD></HEAD><BODY><P>Please open a case with Support.</P></BODY></HTML> Wed, 02 Jun 2010 11:13:55 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-fails-sec-error-reused-issuer-and-serial/m-p/33814#M24810 tabner 2010-06-02T11:13:55Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-fails-sec-error-reused-issuer-and-serial/m-p/33815#M24811 <HTML><HEAD></HEAD><BODY><P>We did so some days before. But till now, we got no answer.</P></BODY></HTML> Wed, 02 Jun 2010 16:19:31 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-fails-sec-error-reused-issuer-and-serial/m-p/33815#M24811 mhuels 2010-06-02T16:19:31Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-fails-sec-error-reused-issuer-and-serial/m-p/33816#M24812 <HTML><HEAD></HEAD><BODY><P> I believe your SE opened a case regarding this issue yesterday.&nbsp; He has been working with Support so you may want to get in touch with him.</P></BODY></HTML> Wed, 02 Jun 2010 20:27:20 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-fails-sec-error-reused-issuer-and-serial/m-p/33816#M24812 nrice 2010-06-02T20:27:20Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-fails-sec-error-reused-issuer-and-serial/m-p/33817#M24813 <HTML><HEAD></HEAD><BODY><P>Yes, our SE started a support case. Unfortunenately, we got no solution but only a workaround, which did not work. PA recommended to reimport the PA Certificate through the Firefox security warning dialogue. Otherwise we have to wait on version 3.1.3, which "maybe" helps.</P></BODY></HTML> Fri, 04 Jun 2010 10:00:09 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-fails-sec-error-reused-issuer-and-serial/m-p/33817#M24813 mhuels 2010-06-04T10:00:09Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-fails-sec-error-reused-issuer-and-serial/m-p/33818#M24814 <HTML><HEAD></HEAD><BODY><P>A procedrue for exporting/importing the certificate from/to Firefox can be found at the following link.&nbsp; It did work in our lab.</P><P>(outdated link removed)</P></BODY></HTML> Fri, 04 Jun 2010 23:11:14 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-fails-sec-error-reused-issuer-and-serial/m-p/33818#M24814 nrice 2010-06-04T23:11:14Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-fails-sec-error-reused-issuer-and-serial/m-p/33819#M24815 <HTML><HEAD></HEAD><BODY><P>This workaround does not works in our environment.</P><P>First we dont see a certificate hierarchy in the firefox but only the solitary certificate from the HTTPs Server.</P><P>Second we cannot import the server key as a CA key. Firefox says: "this is not a certificate from a certificate authority ...". Please have a look at the gif-attachement.</P><P></P><P>I assume, we have another problem with our certificate. We tried first to generate the certificate with the appliance software, just now we use an imported certificate, build with openssl.</P><P></P><P>Our two 2050 appliances works in a high availability mode.</P></BODY></HTML> Mon, 07 Jun 2010 16:16:52 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-fails-sec-error-reused-issuer-and-serial/m-p/33819#M24815 mhuels 2010-06-07T16:16:52Z