I've been playing with the new developer mode and kept getting the certificate error SEC_ERROR_REUSED_ISSUER_AND_SERIAL.
I looked at the code a bit, and if I understood correctly, you re-use the serial number from the upstream cert?
I did a minor patch, re-using your CA cert serial generation code to produce random serials as a workaround for this issue, which works a lot more smoothly for me:
diff --git a/core/certdb.go b/core/certdb.go
index 01d7e53..997f195 100644
--- a/core/certdb.go
+++ b/core/certdb.go
@@ -314,8 +316,14 @@ func (d *CertDb) SignCertificateForHost(host string, phish_host string, port int
if srvCert == nil {
return nil, fmt.Errorf("failed to get TLS certificate for: %s", host)
} else {
+ serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
+ serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
+ if err != nil {
+ return nil, err
+ }
+
template = x509.Certificate{
- SerialNumber: srvCert.SerialNumber,
+ SerialNumber: serialNumber,
Issuer: x509ca.Subject,
Subject: srvCert.Subject,
NotBefore: srvCert.NotBefore,
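Review bot: the added `rand.Int(rand.Reader, serialNumberLimit)` and `new(big.Int)` lines need `crypto/rand` and `math/big` in the import block of core/certdb.go, and this hunk does not touch the imports; confirm both are already imported (the description says the code is copied from the CA serial generation in the same file, so they probably are) and that `rand` resolves to `crypto/rand`, since with `math/rand` neither `rand.Reader` nor this `Int` signature exists and the file would not compile. Minor: the new `return nil, err` drops the host context that the neighbouring error path carries (`return nil, fmt.Errorf("failed to get TLS certificate for: %s", host)`); wrapping it as `fmt.Errorf("failed to generate serial number for %s: %v", host, err)` would keep log output consistent. A one-line comment noting that 2^128 stays within the 20-octet serial limit of RFC 5280 would also help the next reader see why the bound was chosen.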
I'm not sure what the consequences of this approach are, or what the reasoning was for re-using the original serial. This is my first time playing with this tool, so I may just be doing things the wrong way.
Let me know if you'd like me to fork and create a PR.
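The following is an added, self-contained Go example, not the project's own code and not part of the post above. It reproduces the condition Firefox reports as SEC_ERROR_REUSED_ISSUER_AND_SERIAL and shows the effect of the patch: a throwaway CA re-signs the same constructed "upstream" certificate twice, once copying its serial (the original behaviour) and once drawing a random 128-bit serial (the patched behaviour), then checks whether the two results share issuer and serial while being different certificates. The CA name, the host name `login.example.com`, the fixed upstream serial, and the helper names (`randomSerial`, `newSelfSigned`, `resignForHost`, `collides`) are all assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// randomSerial draws a fresh serial for every certificate the proxy CA signs. RFC 5280
// wants a positive integer of at most 20 octets; 128 bits fits, and the loop skips zero.
func randomSerial() (*big.Int, error) {
	limit := new(big.Int).Lsh(big.NewInt(1), 128)
	for {
		n, err := rand.Int(rand.Reader, limit)
		if err != nil {
			return nil, fmt.Errorf("generating serial number: %w", err)
		}
		if n.Sign() > 0 {
			return n, nil
		}
	}
}

// newSelfSigned builds a self-signed cert with a fixed serial (constructed test data); it
// stands in for the proxy CA (isCA=true) and for the "upstream" server cert being copied.
func newSelfSigned(cn string, serial int64, isCA bool) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	usage := x509.KeyUsageDigitalSignature
	if isCA {
		usage |= x509.KeyUsageCertSign
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              usage,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// resignForHost re-issues upstream under the proxy CA with a new leaf key, copying subject
// and validity. reuseSerial=true copies upstream.SerialNumber; false draws a random one.
func resignForHost(ca *x509.Certificate, caKey *ecdsa.PrivateKey, upstream *x509.Certificate, reuseSerial bool) (*x509.Certificate, error) {
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial := upstream.SerialNumber
	if !reuseSerial {
		if serial, err = randomSerial(); err != nil {
			return nil, err
		}
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      upstream.Subject,
		NotBefore:    upstream.NotBefore,
		NotAfter:     upstream.NotAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// collides reports the condition behind SEC_ERROR_REUSED_ISSUER_AND_SERIAL:
// two different certificates (different DER) that share issuer and serial number.
func collides(a, b *x509.Certificate) bool {
	return bytes.Equal(a.RawIssuer, b.RawIssuer) && a.SerialNumber.Cmp(b.SerialNumber) == 0 && !bytes.Equal(a.Raw, b.Raw)
}

func main() {
	ca, caKey, err := newSelfSigned("Demo Proxy CA", 1, true)
	up, _, err2 := newSelfSigned("login.example.com", 4242, false) // constructed stand-in for the real site's cert
	if err != nil || err2 != nil {
		panic("setup failed")
	}
	for _, reuse := range []bool{true, false} {
		a, _ := resignForHost(ca, caKey, up, reuse)
		b, _ := resignForHost(ca, caKey, up, reuse)
		fmt.Printf("reuseSerial=%v -> two different certs with the same issuer and serial: %v\n", reuse, collides(a, b))
	}
}
```

Running it prints a collision for the copied serial and none for random serials. The point the example makes is that a browser keys its certificate cache on issuer plus serial, so any two distinct leaves the proxy CA signs with the same copied serial (for example after the leaf key or validity changes) look like the same certificate with different contents; a random serial per signing removes that without changing subject or validity.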