Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING

  • 3 replies
  • 1 has this problem
  • 180 views
  • Last reply by philipp

halieusmedia
halieusmedia
more options

I have a Comodo single site SSL which tech support & I spent 4 hours trying to troubleshoot and succeeded. Secure Site Labs rates halieusmedia.com: A However, in checking FireFox 61, Mozilla returned the following text at the end of the article; 

  "When a CA adds this extension to a certificate, it requires your browser to ensure a stapled OCSP response is present in the TLS handshake. If an OCSP response is not present, the connection will fail and Firefox will display a non-overridable error page. This feature will be included in Firefox 45, currently scheduled to be released in March 2016."

That was ver. 45 I have attempted to upload a screenshot of the specific ocsp functions without success. I can toggle them off or on to test. End result is Mozilla has not corrected the problem as of July 5, 2018. Please consider fixing this once and for all; I want to give my visitors products but cannot if they cannot get to my site.

Cordially, jn14 info@halieusmedia.com

I have a Comodo single site SSL which tech support & I spent 4 hours trying to troubleshoot and succeeded. Secure Site Labs rates halieusmedia.com: A However, in checking FireFox 61, Mozilla returned the following text at the end of the article; "When a CA adds this extension to a certificate, it requires your browser to ensure a stapled OCSP response is present in the TLS handshake. If an OCSP response is not present, the connection will fail and Firefox will display a non-overridable error page. This feature will be included in Firefox 45, currently scheduled to be released in March 2016." That was ver. 45 I have attempted to upload a screenshot of the specific ocsp functions without success. I can toggle them off or on to test. End result is Mozilla has not corrected the problem as of July 5, 2018. Please consider fixing this once and for all; I want to give my visitors products but cannot if they cannot get to my site. Cordially, jn14 info@halieusmedia.com

All Replies (3)

Paul
Paul
  • Moderator
  • Top 10 Contributor
more options

Hi

I have tried to open that site on a dekstop version of Firefox and I am seeing that error.

I have had a look into the cause and it may be due to the servers OSCP response. I recomend that you contact your website host about this issue.

halieusmedia
halieusmedia Question owner
more options

Hi Seburo, thank you for the reply. The SSL contains three or four lines referencing CA, specifically the "staple" (or not) on/off function.

Mozilla Firefox 45- Beta strictly enforce whereas, Chrome does not enforce. There is a method to toggle it off deep in browser setting where most end users never go and do not know they have access to.

If Mozilla has no intention of changing it's subroutine to a relaxed enforcement, then say so. Leaving a promise to fix open year after year is not a problem solved. I love Firefox, have used it personally and professionally and am a beta tester. I will not tell my users and guests how to muck about in the guts of their browser. The very least Mozilla could and maybe should do is release an optional patch for end users. Thanks again.

Cordially, Jn 14 Of halieusmedia.com

philipp
philipp
  • Moderator
more options

hi, firefox is just following the specs here... the certificate that comodo issued for your site states that your server must support ocsp stapling for it to be valid - which apparently your server doesn't do. you'd either have to work with comodo's support to set up your server properly or else get them to issue a certificate without that caveat.

https://blog.mozilla.org/security/2015/11/23/improving-revocation-ocsp-must-staple-and-short-lived-certificates/ https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/