or how to remove bad certificate manually
I decided to configure automatic switching between main optical internet channel and satellite backup.
With old Asus router. And I've got SEC_ERROR_REUSED_ISSUER_AND_SERIAL after changing device IP address.
It is well known problem, you have to remove stored certificate for this host/issuer. Mozilla developers even published manual:
Removing all obvious records didn't help. I have to notice, that FireFox doesn't show invalid certificat information in
page info at all, like if it doesn't exist.
Chrome doen't work with so old SSL version. But Chromium is OK :)
So, I could see certificate details like Name, Issuer, Serial, etc. then found and removed still several records.
Internet says that deleting cert9.db helps. Ok, but it contains all other vaid certificates. So, I've opened
this SQLite file and inspected it. There is useful Lunix tool sqlitebrowser. Is is obvious, that a3 field is the name of
certificate. If you look at DB indexes, you can see that a81 is Issuer, but there is some binary header here.
I didn't find anything interesting in names.
But last record contained Serial of 'bad' certificate in a81 field. Removal of this record helped.
Looks like sometimes we have to remove certificates from browser DB manually.