X
Tap here to go to the mobile version of the site.

منتدى الدعم

(Invalid OCSP signing certificate in OCSP response(Error code: sec_error_ocsp_invalid_signing_cert)

Posted

After this update (31.0), I get this error when I try to go to Fanfiction.net. Is there anything being done, or is there anything I can do? I will not do anything that's open my computer to viruses.

After this update (31.0), I get this error when I try to go to Fanfiction.net. Is there anything being done, or is there anything I can do? I will not do anything that's open my computer to viruses.

Chosen solution

hello granberrydl, ocsp is an advanced security feature in firefox - this error needs to be fixed by the web site in question, so please also contact their support channels and report the issue.

you can temporarily work around the issue and turn off ocsp stapling: enter about:config into the firefox address bar (confirm the info message in case it shows up) & search for the preference named security.ssl.enable_ocsp_stapling. double-click it and change its value to false.
since this will slightly lower your security, it is important however, that after a bit of time when the issue gets resolved by the site (maybe try again in 24 hours), you go back and switch the setting to "true" again!

Read this answer in context 62

Additional System Details

Installed Plug-ins

  • Next Generation Java Plug-in 10.65.2 for Mozilla browsers
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Shockwave Flash 14.0 r0
  • Adobe Shockwave for Director Netscape plug-in, version 12.1
  • The plugin allows you to have a better experience with Microsoft SharePoint
  • NPWLPG

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0

More Information

philipp
  • Top 25 Contributor
  • Moderator
5315 solutions 23470 answers

Chosen Solution

hello granberrydl, ocsp is an advanced security feature in firefox - this error needs to be fixed by the web site in question, so please also contact their support channels and report the issue.

you can temporarily work around the issue and turn off ocsp stapling: enter about:config into the firefox address bar (confirm the info message in case it shows up) & search for the preference named security.ssl.enable_ocsp_stapling. double-click it and change its value to false.
since this will slightly lower your security, it is important however, that after a bit of time when the issue gets resolved by the site (maybe try again in 24 hours), you go back and switch the setting to "true" again!

hello granberrydl, ocsp is an advanced security feature in firefox - this error needs to be fixed by the web site in question, so please also contact their support channels and report the issue. you can temporarily work around the issue and turn off ocsp stapling: enter '''about:config''' into the firefox address bar (confirm the info message in case it shows up) & search for the preference named '''security.ssl.enable_ocsp_stapling'''. double-click it and change its value to '''false'''. <br>since this will slightly lower your security, it is important however, that after a bit of time when the issue gets resolved by the site (maybe try again in 24 hours), you go back and switch the setting to "true" again!
kuopiofi 1 solutions 81 answers

Helpful Reply

Yup, started again. Hope someone fixes this fast.

Yup, started again. Hope someone fixes this fast.
thierscso 0 solutions 1 answers

This just started happening for me as well. I have verified that our certs are all still valid and unrevoked, and testing using GlobalSign's verification utility which said our site was configured correctly and passes testing for OCSP. We are serving a survey consumed by universities but filled out by their alumni, so we have no contact with the users of our site, meaning that the workaround is not viable and it is effectively broken for everyone using FF.

Edit: I checked our site right before I started typing this reply and it was not working after multiple CTRL+F5 refreshes. I checked it after, and it was back to working. I am the sole maintainer of the domain and the certificates on it, and I can verify that nothing was done to our site to either cause it to stop working or start working again.

This just started happening for me as well. I have verified that our certs are all still valid and unrevoked, and testing using GlobalSign's verification utility which said our site was configured correctly and passes testing for OCSP. We are serving a survey consumed by universities but filled out by their alumni, so we have no contact with the users of our site, meaning that the workaround is not viable and it is effectively broken for everyone using FF. Edit: I checked our site right before I started typing this reply and it was not working after multiple CTRL+F5 refreshes. I checked it after, and it was back to working. I am the sole maintainer of the domain and the certificates on it, and I can verify that nothing was done to our site to either cause it to stop working or start working again.

Modified by thierscso