The Sec_Error_Reused_Issuer_And_Serial is a reported issue on nearly all the major browsers (Firefox, Chrome, Edge, etc.) and operating systems (Windows, Linux, Mac, etc.) including servers. The issue occurs when a user tries to access a particular web address (either of the local server or a website like Facebook). For some users, the issue occurs on nearly all websites and email applications. Usually, the following type of message is shown:
The sec_error_reused_issuer_and_serial error indicates that a certificate already present on the system is being reused by another server/IP. This warning may be caused either by user-end issues or by server-related problems. It is not possible to cover the server-related errors in detail (some suggestions are discussed at the end of the article), but on the user end, this behavior is mainly caused by:
- Corrupt Certificate Manager of the Browser: If the browser’s certificate manager has become corrupt, then it may fail to load the certificate in question and thus cause the issue.
- Corrupt Browser Cache: If the browser’s cache is corrupt, and when the browser tries to fetch the problematic certificate from the cache, it may throw the current security error.
- Interference from the Security Application: If the SSL protocol filtering of the antivirus is changing the headers of the websites in a way that the browser “thinks” is risky, then it may show the sec_error.
- Router Issues: If the router’s firmware is corrupt or its flood protection mechanism is blocking access to certain web addresses (including the problematic websites), then a user may encounter the issue under discussion.
Try Another Browser
The sec_error_reused_issuer could be a result of a temporary issue with the browser in use (e.g., Firefox), and using another browser may solve the problem. Before proceeding, check if relaunching the problematic browser clears out the error. If you are using the Chrome browser, then before trying another browser, check if typing thisisunsafe (without clicking on any links) on the error page lets you access the website.
- Download and install another browser on the system (if not already installed).
- Now launch the problematic website in the second browser and check if it is working fine.
Delete the Problematic Certificate from the Application
If a certificate already has an exception in a browser’s or application’s database and a similar certificate (with the same serial number) is served by a website, then the application (like Outlook) or browser may throw the Sec_Error_Reused_Issuer_And_Serial error. In such a case, deleting the old exception for the certificate in the application’s or browser’s certificate manager may solve the problem.
Proceed at your own risk as an attack (especially, MITM attack) on the system/network may cause similar symptoms and, in that case, deleting the certificate can harm the system, data, or network.
Delete the Problematic Certificate in Firefox
- Launch the Firefox browser and open its menu by clicking on the hamburger menu in the top right.
- Now select Settings and in the left pane, head to the Privacy and Security tab.
- Then scroll down till the Certificates section is shown and then click on the View Certificates button.
- Now, in the resulting window, head to the Server tab and check if the problematic certificate is shown. You may find it by the IP Address or DNS name.
- If so, delete the certificate and head to the Authorities tab.
- Now click on Delete or Distrust for the CA related to the problematic certificate.
- Then confirm to complete the deletion action and close the Firefox window.
- Now restart your system and upon restart, check if the browser’s sec error is cleared.
If the issue is not limited to a particular website but is caused by the router, then check if deleting the router certificates (like the Netgear server certificates) in the browser solves the problem.
Delete the Problematic Certificate for An Email Application
- Firstly, exit the problematic email application (like Outlook or Bluehost).
- Then click Windows, then search for and open Internet Options.
- Now head to the Content tab and click on the Certificates button.
- Then select the certificate from the problematic website and click on Remove.
- Now restart your system and upon restart, launch the email client to check if the reused certificate error is cleared.
Delete the Certificate File from the AppData directory of the Browser
If the certificate file is corrupted and is not shown in the browser’s certificate tab, then deleting the file from its location in the AppData directory of the browser (e.g., Firefox) may solve the problem.
- Firstly, make sure to exit the browser (e.g., Firefox) and end its related processes in the Task Manager.
- Then, right-click on Windows and select Run.
- Now, navigate to the following path:
- Then open your profile folder and delete the cert9.db file. Some old Firefox installations may show cert8.db instead; if so, delete that file.
- Now delete the cert_override.txt file as well and launch the browser to check if the browser can access the problematic websites.
In the case of a Mac, you may execute the following in the Terminal and relaunch Firefox to solve the security error:
rm ~/Library/Application\ Support/Firefox/Profiles/*/cert*.db
Clear the Browser Cache
Browsers tend to create a cache of frequently used web content and if the browser’s cache is corrupt or a similar certificate is present in the browser’s cache, then the browser may throw sec_error_reused_issuer_and_serial error. In this context, clearing the browser’s cache may solve the problem.
- Launch the Firefox browser and click on the hamburger icon (near the top right).
- Now open Settings and head to the Privacy and Security tab.
- Then scroll down till the Cookies and Site Data is shown and click on the Clear Data button.
- Now, checkmark the Cached Web Content and click on the Clear Data button.
- Then relaunch the Firefox browser and check if the problematic websites can be accessed without issue.
- Launch the Chrome browser and in the right corner, click on three vertical ellipses to open the Chrome menu.
- Now hover over More Tools and select Clear Browsing Data.
- Then checkmark the following and make sure others are unchecked:
  - Cookies and Other Site Data
  - Cached Images and Files
- Now click on the Clear Data button and once done, relaunch the Chrome browser to check if the sec_error is cleared.
Restore the Browser to the Factory Defaults
A mere misconfiguration of browser settings may cause the sec_error under discussion, and restoring the browser to the factory defaults may solve the problem. Keep in mind that a misconfiguration of one browser may trigger the behavior on other browsers, so you may have to restore all the browsers on the system to the factory defaults. Before proceeding, make sure to back up the essential data/info.
- Launch Firefox browser and head to its Menu by clicking on the hamburger icon in the top right.
- Now select Help and open More Troubleshooting Information.
- Then click on Refresh Firefox and afterward, confirm to refresh Firefox.
- Now relaunch Firefox and check if it is clear of the sec_error problem.
- Launch the Chrome browser and in the top right, click on the three vertical ellipses to open the Chrome menu.
- Now select Settings and expand Advanced.
- Then head to the Reset and Cleanup tab.
- Now, in the right pane, click on Restore Settings to Their Original Defaults and then confirm to restore Chrome’s settings.
- Afterward, relaunch the Chrome browser and check if the sec_error issue is resolved.
- Open the Edge browser and click on the three horizontal ellipses (in the top right).
- Now, select Settings, and in the left pane, head to the Reset Settings tab.
- Then, in the right pane, click on Restore Settings to Their Default Values, and afterward, confirm to restore the settings.
- Now relaunch the browser and check if the browser’s security error is cleared.
Keep in mind that Internet Explorer manages many of the Internet settings on a Windows PC and its misconfiguration may impact all the browsers on the system. Here, resetting Internet Explorer may solve the problem.
- Click Windows, search for Internet Options, and open it.
- Now, head to the Advanced tab, and under Reset Internet Explorer Settings, click on Reset.
- Then checkmark Delete Personal Settings and click on Reset.
- Once done, check if the system is clear of the sec_error_reused issue.
If not and the issue started after a browser update, then check if rolling back the browser update or installing an older version of the browser solves the problem.
Disable SSL Filtering of the Security Software or Uninstall It
If the security suite of the PC (Kaspersky and ESET are reported to cause the issue) is interfering with the network packets in a way that triggers the browser security, then the browser may show the sec_error_reused_issuer_and_serial. In this context, disabling SSL protocol filtering of the security software or uninstalling it may solve the problem.
Proceed at your own risk as editing the security product (antivirus, firewall, antimalware, etc.) settings may expose the system, data, or network to threats.
Disable SSL Protocol Filtering of the Security Product
- Expand the system’s tray and right-click on the security application (e.g., ESET).
- Now select Advanced Setup and in the left pane of the resulting window, head to the Web and Email Protection tab.
- Then, in the right pane, expand SSL/TLS and toggle the switch for Enable SSL/TLS Protocol Filtering to the off position. For some antivirus applications, a user might have to uncheck Enable HTTPS Scanning or disable Control URLs.
- Now apply your changes and afterward, check if the sec error is cleared.
Uninstall the Security Product of Your System
- Right-click Windows and open Apps & Features.
- Now expand the security application (e.g., ESET) and click on Uninstall.
- Then confirm to uninstall the security application and afterward, restart your system.
- Upon restart, check if the sec_error_reused_issuer problem is solved.
Try Another Network
The sec_error_reused_issuer problem could be a result of a temporary issue with the router or current network. In such a case, trying another network may let a user access the problematic websites.
- Firstly, disconnect the problematic system from the current network in use (either ethernet or Wi-Fi).
- Now connect to another network (like a mobile phone’s hotspot) and check if the security error is cleared.
- If not, then check if the mobile browser can access the problematic website without the issue.
If the issue was resolved with another network, make sure the flood protection mechanism of the router (LAN ping flood protection or Security > Attack Checks > Block UDP Flood) is not triggering the issue. If that did not work, then check if resetting the router to the factory defaults solves the problem.
If that did not work, check if changing the device binding in the following router settings solves the problem:
Security>> Address Filter>> IP Mac Bindings
If the issue occurred after a router firmware upgrade, check if downgrading the router firmware solves the problem.
Suggestions For Server-related Issues:
Until now, we tried to cover the issue from a user’s point of view but for server-related issues, you may try the following suggestions reported by users to solve the problem as it is practically impossible to cover all the scenarios on a server causing the issue.
- Check if changing the IP address of the problematic server clears out the issue.
- If you are using the GitLab runner application, then check if downgrading its version solves the problem.
- If the issue has occurred while setting up SSL in Cloudflare, then make sure the Domain Locking of the problematic website is not causing the issue.
- If any of your servers are using iDRAC (Integrated Dell Remote Access Controller), then check if updating or downgrading its firmware solves the problem.
- If you are using Sophos protection, then check if installing MR4 clears out the error.
- If you cannot log into the server, check if you can log into the server by using SSH. If successful, check if changing the protocol from HTTPS to HTTP solves the problem.
- If the problematic server is using an outdated infrastructure, then check if using an older version of Java solves the problem. If your server uses iDRAC, then check if removing RC4 (or SSL3) in the line
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024,
from the following file solves the problem:
- Check if renaming the problematic server clears out the problem.
- Last but not least, check if re-adding the certificate (you can get one from Let’s Encrypt) to the server solves the problem. You may have to use SSH, racadm, etc. to add the certificate if the GUI is not accessible. In the case of a public CA, you may have to get the certificate signed again with a different serial. If a self-signed certificate is being used, make sure its renewal date is less than 398 days.
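The condition behind the error, and the reason the last suggestion asks for a different serial, is the same issuer and serial number appearing on two different certificates. The following is an added example (not from the original article) that finds such pairs in openssl text output; the sample records and the names parse_records and reused_issuer_serial are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample (made-up values), as printed for four certificates by
#   openssl x509 -noout -issuer -serial -fingerprint -sha256
SAMPLE = """\
issuer=CN = mgmt-controller.example
serial=01
sha256 Fingerprint=AA:11:22:33
issuer=CN = mgmt-controller.example
serial=01
SHA256 Fingerprint=BB:44:55:66
issuer=CN = Example Issuing CA
serial=7F3A
sha256 Fingerprint=CC:77:88:99
issuer=CN = Example Issuing CA
serial=7F3A
sha256 Fingerprint=CC:77:88:99
"""

def parse_records(text):
    """One dict per certificate; assumes each record starts with its issuer line."""
    records = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if key == "issuer":
            records.append({"issuer": value})
        elif not sep or not records:
            continue
        elif key == "serial":  # hex serial: ignore case and leading zeros
            records[-1]["serial"] = value.upper().lstrip("0") or "0"
        elif key.endswith("fingerprint"):  # label case differs between openssl versions
            records[-1]["fingerprint"] = value.upper()
    return records

def reused_issuer_serial(records):
    """(issuer, serial) pairs claimed by more than one distinct certificate."""
    seen = defaultdict(set)
    for r in records:
        seen[(r["issuer"], r["serial"])].add(r["fingerprint"])
    return {pair: sorted(fps) for pair, fps in seen.items() if len(fps) > 1}

if __name__ == "__main__":
    for pair, fps in reused_issuer_serial(parse_records(SAMPLE)).items():
        print("reused issuer+serial:", pair, "->", fps)
```

The same certificate seen twice (identical fingerprint) is not reported; only a pair shared by certificates with different fingerprints is.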