Join the Mozilla’s Test Days event from 9–15 Jan to test the new Firefox address bar on Firefox Beta 135 and get a chance to win Mozilla swag vouchers! 🎁

Avatar for Username

Hilfe durchsuchen

Vorsicht vor Support-Betrug: Wir fordern Sie niemals auf, eine Telefonnummer anzurufen, eine SMS an eine Telefonnummer zu senden oder persönliche Daten preiszugeben. Bitte melden Sie verdächtige Aktivitäten über die Funktion „Missbrauch melden“.

Weitere Informationen

Error code: SEC_ERROR_REVOKED_CERTIFICATE - OCSP query fails: how to report?

  • 1 Antwort
  • 0 haben dieses Problem
  • 5 Aufrufe
  • Letzte Antwort von chris wilson

lucrs4096
lucrs4096
more options

Today I suddenly started receiving the error code: SEC_ERROR_REVOKED_CERTIFICATE on a secure authentication page that was working until a few hours earlier, belonging to a major national bank.

https://www.ssllabs.com/ssltest/ cannot reach that page, other SSL checking sites report variable results (some say one cert in the chain has expired after a CRL, others say all is OK)

The same page/site works flawlessly on Chrome. Firefox incompatibility with popular portals is a growing trend unfortunately.

After a little digging with developer tools, it comes out the OCSP query reports the REVOKED_CERTIFICATE error. Disabling the "Query OCSP [..]" option in Firefox that website starts working fine again.

Now, I would like to still keep using the OCSP queries ON, and I definitely want to keep using Firefox for everything.

My question is: when a portal or website is found to be broken with Firefox (with default settings), with a root cause found like in this case, how can it be reported?

Having a clear report path would be useful to try to make the browser more compatible (in this case : was this a bug? Some wrong information on OCSP responders? Some mess caused by the website mantainers?)

Today I suddenly started receiving the error code: SEC_ERROR_REVOKED_CERTIFICATE on a secure authentication page that was working until a few hours earlier, belonging to a major national bank. https://www.ssllabs.com/ssltest/ cannot reach that page, other SSL checking sites report variable results (some say one cert in the chain has expired after a CRL, others say all is OK) The same page/site works flawlessly on Chrome. Firefox incompatibility with popular portals is a growing trend unfortunately. After a little digging with developer tools, it comes out the OCSP query reports the REVOKED_CERTIFICATE error. Disabling the "Query OCSP [..]" option in Firefox that website starts working fine again. Now, I would like to still keep using the OCSP queries ON, and I definitely want to keep using Firefox for everything. My question is: when a portal or website is found to be broken with Firefox (with default settings), with a root cause found like in this case, how can it be reported? Having a clear report path would be useful to try to make the browser more compatible (in this case : was this a bug? Some wrong information on OCSP responders? Some mess caused by the website mantainers?)

Alle Antworten (1)

chris wilson
chris wilson
more options

This issue highlights a mix of technical and compatibility challenges. The error code SEC_ERROR_REVOKED_CERTIFICATE suggests Firefox detected a revoked certificate via the OCSP query, which safeguards users against compromised certificates. Chrome's ability to load the page may indicate differences in OCSP enforcement or fallback behavior between browsers.

For reporting:

Bug Reporting: File a detailed report on Mozilla’s Bugzilla (https://bugzilla.mozilla.org/), including steps to reproduce and diagnostic data like OCSP responses or SSL Labs results.

Notify the Website: Inform the website’s support team of potential misconfigurations in their certificate chain or OCSP responder.

Community Insights: Engage with Mozilla’s support forums for feedback and validation before escalating.

Hilfreich?

Stellen Sie eine Frage

Sie müssen sich mit Ihrem Benutzerkonto anmelden, um auf Beiträge zu antworten. Bitte stellen Sie eine neue Frage, wenn Sie noch kein Benutzerkonto haben.