Comment Re:There's another hassle too (Score 1) 733
I don't think you get the error - Firefox isn't warning you because the signing cert (/CA) is unrecognized, it's warning you because it sees two certificates supposedly signed with the same cert (/CA) but which share the same serial number.
Since any two Linksys devices are unrelated, there's no way for one to know which serial numbers are valid for it to use that the other hasn't already taken. Multiply this by the number of Linksys devices out there.
I write firmware for an embedded device, and we have this same problem. Our solution was simply to generate a random signing certificate for each device the very first time it boots, and use that to sign a new certificate any time the IP changes. It's a bit more of a hassle for the user (who now has to add the root cert for each device to his browser's trusted list), but it avoids the nasty error messages. It's also more resistant to a wide-area attack - in theory someone could crack just one Linksys router to get the private part of its root cert, then use that to forge any other router's certificate. It might even be extractable directly from the firmware image.
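The collision and the per-device fix described in this comment, as an added Go example that is not part of the original comment or any vendor's firmware. It assumes the browser's check compares issuer name plus serial number, that every device issues serial 1, and that each per-device CA gets a random name; `sign`, `collisions` and the certificate names are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// sign issues a serial-1 cert for cn; a nil parent yields a self-signed signing cert.
func sign(cn string, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(1, 0, 0),
		BasicConstraintsValid: true, IsCA: parent == nil}
	if parent == nil {
		parent, pk = t, key
	}
	der := must(x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pk))
	return must(x509.ParseCertificate(der)), key
}

// collisions counts leaf certs from n devices whose issuer name and serial repeat an
// earlier device's. shared: one CA for all; otherwise a random-named CA per device.
func collisions(n int, shared bool) int {
	ca, key := sign("Vendor CA (constructed)", nil, nil)
	seen := map[string]bool{} // issuer name + serial pairs already presented
	for i := 0; i < n; i++ {
		if !shared {
			ca, key = sign("Device CA "+must(rand.Int(rand.Reader, big.NewInt(1<<62))).Text(16), nil, nil)
		}
		leaf, _ := sign("192.168.1.1", ca, key)
		seen[string(leaf.RawIssuer)+"#"+leaf.SerialNumber.String()] = true
	}
	return n - len(seen)
}

func main() { fmt.Println("shared CA:", collisions(2, true), "per-device CA:", collisions(2, false)) }
```

Under the same assumption, per-device CAs that all carried one fixed name would still collide on serial 1, so the random CA name (or a random leaf serial) is what removes the duplicate.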