3CX DLL-Sideloading attack: What you need to know
I am seeing this error intermittently when browsing in Firefox on a device with SSL/TLS decryption of HTTPS websites enabled. I have the ImportEnterpriseRoots setting enabled in Firefox to import the Sophos root CA. Browsing will work for a period of time and I can see looking at the certificate chain that the root CA is a Sophos one so HTTPS Interception is working. However, after period of time (usually a few hours) any sites I browse to will generate the following error SEC_ERROR_REUSED_ISSUER_AND_SERIAL. If I close and reopen all browser windows, I am able to successfully browse to the same sites again.
Googling this error points to articles that mention that deleting the certificates or CAs that cause the issue but this is not sustainable when we look to roll this out to 500 users. https://support.mozilla.org/en-US/kb/Certificate-contains-the-same-serial-number-as-another-certificate
Looking at the certificate authority in Windows for the Sophos Endpoint, it looks to be generated today. Is it a case that the certificate is not a static certificate but is one that changes regularly and could this be causing this issue?
Restoring Firefox back to all default settings seems to have resolved the issue for me.