Bug 135269 - Mozilla & Thunderbird TLS mail complains of dup serial number
Status: RESOLVED WONTFIX
Alias: None
Product: SUSE LINUX 10.0
Classification: openSUSE
Component: Firefox
Version: Final
Hardware: i686 SuSE Linux 10.0
: P5 - None : Normal
Target Milestone: ---
Assignee: E-mail List
QA Contact: E-mail List
Reported: 2005-11-23 07:34 UTC by Forgotten User 6CfSUJ5Yw_
Modified: 2008-06-25 09:53 UTC
Found By: Beta-Customer

Attachments
Mozilla certificate file (64.00 KB, application/octet-stream)
2005-11-23 17:14 UTC, Forgotten User 6CfSUJ5Yw_
Thunderbird certificates (64.00 KB, application/octet-stream)
2005-11-23 17:24 UTC, Forgotten User 6CfSUJ5Yw_
Mozilla certificate file with trash & expired certs deleted (64.00 KB, application/octet-stream)
2005-11-23 17:26 UTC, Forgotten User 6CfSUJ5Yw_

Description Forgotten User 6CfSUJ5Yw_ 2005-11-23 07:34:21 UTC
Mozilla mailer 1.7.12 and Thunderbird 1.0.6 (20050715) complain about duplicate serial number:

Your certificate contains the same serial number as another
certificate issued by the certificate authority.  Please get a new
certificate containing a unique serial number.

This is a self signed certificate with serial number 00 from my Web hosting company.  This problem is not in the Mozilla mailer 1.7.12 and Mozilla Thunderbird version 1.0 (20041207) in SuSE 9.3, nor in Sylpheed-claws 1.0.3 in SuSE 10.0, nor in Debian Thunderbird 1.0.3.
Comment 1 Michael Gross 2005-11-23 13:45:55 UTC
Sorry, but I cannot follow you here. Which serial number do you mean? The Mozilla projects are free software and do not have any serial number. Then you mention a certificate: What certificate do you mean?
Comment 2 Forgotten User 6CfSUJ5Yw_ 2005-11-23 13:59:40 UTC
The second paragraph is the error message reported by Mozilla mailer and Thunderbird.  I would guess that the certificate in question is the server's certificate.  I have looked at the server's certificate and it is a self signed certificate with serial number "00" and most of the fields left blank.

Since SuSE 9.3 and SuSE 10.0 are both at Mozilla 1.7.12, I expect that the problem is in the root certificates bundled with the browser.

Note: this happens with SSL SMTP as well as TLS SMTP.
Comment 3 Michael Gross 2005-11-23 14:05:12 UTC
And what SSL-certificate creates this problem? I hope you understand that we cannot "fix" or change broken 3rd party SSL certificates. If this is a problem located in the browser's engine, we will look into it. But we will have to know what (valid) certificate(s) provoke the problem (provide some example URLs, please).
Comment 4 Forgotten User 6CfSUJ5Yw_ 2005-11-23 17:14:40 UTC
Created attachment 58470
Mozilla certificate file

The SMTP server is at server.noise.org.  I don't know how to get a copy of the certificate for you.  The Mozilla mailer and Thunderbird packages for SuSE 9.3, Sylpheed for SuSE 10.0, and Debian Thunderbird all consider this certificate acceptable; only Mozilla and Thunderbird for SuSE 10.0 consider this a problem.

Digging into the stored certificates, I find two self signed 3rd party certificates with the same serial number.  Since they have different certificate authorities, they should not be considered duplicates.  I have configured Sylpheed to access the same two servers and it has no problem with the same serial number from different certificate authorities.

I will attach the Mozilla cert8.db.  The two certificates in question are for server.noise.org and austinblues.dyndns.org.
Comment 5 Forgotten User 6CfSUJ5Yw_ 2005-11-23 17:24:16 UTC
Created attachment 58471
Thunderbird certificates

This is the Thunderbird certificate file.
Comment 6 Forgotten User 6CfSUJ5Yw_ 2005-11-23 17:26:33 UTC
Created attachment 58472
Mozilla certificate file with trash & expired certs deleted

This is the Mozilla certificate file with expired and garbage certificates deleted.

The relevant certificates are for server.noise.org and austinblues.dyndns.org.
Comment 7 Wolfgang Rosenauer 2005-11-24 19:22:20 UTC
Please try the failing applications with a new profile.
I suspect that there are certificates imported which conflict. If a new profile works you should clean up your cert database.
Comment 8 Forgotten User 6CfSUJ5Yw_ 2005-11-25 02:38:18 UTC
(In reply to comment #7)
> Please try the failing applications with a new profile.
> I suspect that there are certificates imported which conflict. If a new profile
> works you should clean up your cert database.
> 

I have two certificates in my database from DIFFERENT Certificate Authorities with the same serial number.  Removing one allows the other server to be accessed.  However, the error message implies that they are from the same authority.  They are not.  I see no reason to require serial numbers be unique across all Certificate Authorities.  If there is such a requirement, please point out the section in the standards that makes such a requirement.
Comment 9 Wolfgang Rosenauer 2005-11-25 05:38:00 UTC
Unique serial numbers are only required from the same CA. I never claimed that they have to be unique across CAs.
But as you tested out, Mozilla and Thunderbird seem to think that both are the same.
Which versions have you compared exactly?
So far I know:
mozilla on 9.3 works
thunderbird on 9.3 works
mozilla on 10.0 doesn't work
thunderbird on 10.0 doesn't work
(these are all the latest YOU provided packages?)
Which version is your Debian Thunderbird?
Have you tried thunderbird provided by mozilla.org (1.0.6 or 1.0.7)?
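
Added example, not part of the original thread and not Mozilla or NSS code: the rule stated in comment 9, written as a standard-library Python check that reads the issuer Name and serial number from DER certificates and reports distinct certificates sharing one (issuer, serial) pair. The certificates, host names and helper names are constructed stand-ins; the sample also shows that two self-signed certificates carrying a byte-identical issuer name count as the same issuer under this rule.

```python
import hashlib
from collections import defaultdict

def tlv(tag, body):
    return bytes([tag, len(body)]) + body   # builder: short-form length only

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                         # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def issuer_and_serial(der):
    """Raw issuer Name bytes and serial number of a DER certificate."""
    _, cert, _ = read_tlv(der, 0)        # Certificate
    _, tbs, _ = read_tlv(cert, 0)        # tbsCertificate
    tag, val, pos = read_tlv(tbs, 0)
    if tag == 0xA0:                      # optional [0] version
        tag, val, pos = read_tlv(tbs, pos)
    _, _, start = read_tlv(tbs, pos)     # skip signature algorithm
    _, _, end = read_tlv(tbs, start)     # issuer Name
    return tbs[start:end], int.from_bytes(val, "big")

def name(cn):                            # constructed Name with one commonName
    atv = tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))
    return tlv(0x30, tlv(0x31, atv))

def fake_cert(issuer_cn, serial, key):
    """Constructed, unsigned stand-in: real layout up to the issuer only."""
    alg = tlv(0x30, tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05"))
    tbs = (tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
           + alg + name(issuer_cn) + tlv(0x04, key))
    return tlv(0x30, tlv(0x30, tbs) + alg + tlv(0x03, b"\x00"))

def reused_issuer_serial(certs):
    """Labels of distinct certificates that share one (issuer, serial)."""
    seen = defaultdict(dict)
    for label, der in certs.items():
        seen[issuer_and_serial(der)][hashlib.sha256(der).digest()] = label
    return {k: sorted(v.values()) for k, v in seen.items() if len(v) > 1}

SAMPLE = {  # constructed: four self-signed certificates, all with serial 0
    "mail.example": fake_cert("mail.example", 0, b"key-A"),
    "blog.example": fake_cert("blog.example", 0, b"key-B"),
    "appliance-1": fake_cert("localhost", 0, b"key-C"),
    "appliance-2": fake_cert("localhost", 0, b"key-D"),
}
```

`reused_issuer_serial(SAMPLE)` reports only the two `localhost` entries: the first two certificates share serial 0 but have different issuer names, so they do not conflict.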
Comment 10 Forgotten User 6CfSUJ5Yw_ 2005-11-25 13:58:21 UTC
As far as I remember all versions are as supplied by the respective vendors.  The SuSE 9.3 and Debian Sarge computers were up to date as of Monday.  The SuSE 10.0 computer is up to date as of the time of this post, Friday morning.  The SuSE 9.3 computer has crashed and I can't remotely reboot it.  I will check when I get home Saturday.

SuSE 10.0:
mozilla-1.7.11-9.2
MozillaThunderbird-1.0.6-8

SuSE 9.3 (as reported by apps)
Mozilla 1.7.12
Thunderbird 1.0 (20041207)

Debian Sarge:
mozilla-thunderbird:
  Installed: 1.0.2-2.sarge1.0.7
Comment 11 Ted Bullock 2007-06-25 06:17:40 UTC
Bug status checkup.

This bug has not been updated in over a year and a half now.

Does this problem persist in the latest version of thunderbird on 10.0?

Does this problem persist in the latest version of thunderbird on 10.1, 10.2 or Factory (10.3 alpha 5 at this time)?

Jeff:
Please update this information, otherwise I'll update the status to WONTFIX to keep the database clean.
Comment 12 Stephan Kulow 2008-06-25 09:34:08 UTC
mass reopening all SuSE Linux bugs that are set to REMIND+LATER to change the resolution to WONTFIX (adapting to new policy)
Comment 13 Stephan Kulow 2008-06-25 09:35:56 UTC
mass reopening all SuSE Linux bugs that are set to REMIND+LATER to change the resolution to WONTFIX (adapting to new policy)
Comment 14 Stephan Kulow 2008-06-25 09:41:38 UTC
mass reopening all SuSE Linux bugs that are set to REMIND+LATER to change the resolution to WONTFIX (adapting to new policy)
Comment 15 Stephan Kulow 2008-06-25 09:53:05 UTC
Closing old LATER+REMIND bugs as WONTFIX - if you still plan to work on it, feel free to reopen and set to ASSIGNED.

In case the report saw repeated reopen comments, it's due to Bugzilla timing out on the huge request ;(