This forum is a discussion about improving the "How to troubleshoot time related errors on secure websites" article. If you'd like to participate, please register.

If you need help with Firefox, please ask a question.

Background for this article

  • 1 Replies
  • Last reply by AliceWyman
  1. AliceWyman 5126 posts
    Report Abuse

    This is copied from https://support.mozilla.org/en-US/kb/what-does-your-connection-is-not-secure-mean/discuss/6598 some data to improve this article

    philipp said on April 22, 2016

    <snip> I've looked at some available telemetry data for one month of error messages in firefox 45 & here are some findings about the 115 million recorded displayed ssl error pages during that time: <snip>
    • 14% are various time related error messages (SEC_ERROR_OCSP_FUTURE_RESPONSE, SEC_ERROR_EXPIRED_CERTIFICATE, MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE, SEC_ERROR_OCSP_OLD_RESPONSE, MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE, SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE). we only cover a fraction of those and not entirely correctly at the moment. part of it will be due to server side issues, but another part also due to skewed clocks on a user's device - in the latter case the error page will directly warn users about this fact starting in firefox 48 or 49 (bug 712612). i think it may be worth spinning off a separate article for those timing-based errors explaining how to set the right time step-by-step for various operating systems and maybe have this linked directly from the particular error messages as well.
    <snip> raw data: https://docs.google.com/spreadsheets/d/1Z0TDpBoGzvfIN9E2ETeWpZNraVfvWFnuM_XSIExZvA4/

    philipp said on April 23, 2016

    i have created a first version of an article that especially deals with time related https errors: https://support.mozilla.org/en-US/kb/troubleshoot-time-errors-secure-websites/history

    (Minor nit: time related should be hyphenated as time-related in both the title and content.)

    This is copied from https://support.mozilla.org/en-US/kb/what-does-your-connection-is-not-secure-mean/discuss/6598 ''some data to improve this article'' ''philipp said'' on April 22, 2016 <blockquote> <snip> I've looked at some available telemetry data for one month of error messages in firefox 45 & here are some findings about the 115 million recorded displayed ssl error pages during that time: <snip> * '''14%''' are various '''time related''' error messages (SEC_ERROR_OCSP_FUTURE_RESPONSE, SEC_ERROR_EXPIRED_CERTIFICATE, MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE, SEC_ERROR_OCSP_OLD_RESPONSE, MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE, SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE). we only cover a fraction of those and not entirely correctly at the moment. part of it will be due to server side issues, but another part also due to skewed clocks on a user's device - in the latter case the error page will directly warn users about this fact starting in firefox 48 or 49 ([https://bugzilla.mozilla.org/show_bug.cgi?id=712612 bug 712612]). i think it may be worth spinning off a separate article for those timing-based errors explaining how to set the right time step-by-step for various operating systems and maybe have this linked directly from the particular error messages as well. <snip> raw data: https://docs.google.com/spreadsheets/d/1Z0TDpBoGzvfIN9E2ETeWpZNraVfvWFnuM_XSIExZvA4/ </blockquote> ''philipp said'' on April 23, 2016 <blockquote> i have created a first version of an article that especially deals with time related https errors: https://support.mozilla.org/en-US/kb/troubleshoot-time-errors-secure-websites/history </blockquote> (Minor nit: ''time related'' should be hyphenated as '''time-related''' in both the title and content.)
  2. AliceWyman 5126 posts
    Report Abuse

    (For the record) Here's the related bug report:

    Bug 1282455 Use dedicated "Learn more..." link on time related cert error pages VERIFIED FIXED in Firefox 50

    [:philipp] (Reporter) Description • 2016-06-27 11:08 EDT

    similar like in bug 1242886, i would request that on "Your Connection is not Secure" error pages for time-related issues we use a "learn more" link that leads users to a dedicated article explaining amongst other things how to fix the system clock so that there is a greater chance that affected users are able to easily solve the issue.

    this would be related to the following error codes (which make up ~14% of all cert errors according to telemetry): SEC_ERROR_EXPIRED_CERTIFICATE SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE SEC_ERROR_OCSP_FUTURE_RESPONSE SEC_ERROR_OCSP_OLD_RESPONSE MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE

    we would have the following article in place for this on sumo: https://support.mozilla.org/kb/troubleshoot-time-errors-secure-websites

    (For the record) Here's the related bug report: [https://bugzilla.mozilla.org/show_bug.cgi?id=1282455 Bug 1282455] Use dedicated "Learn more..." link on time related cert error pages VERIFIED FIXED in Firefox 50 [:philipp] (Reporter) Description • 2016-06-27 11:08 EDT similar like in bug 1242886, i would request that on "Your Connection is not Secure" error pages for time-related issues we use a "learn more" link that leads users to a dedicated article explaining amongst other things how to fix the system clock so that there is a greater chance that affected users are able to easily solve the issue. this would be related to the following error codes (which make up ~14% of all cert errors according to telemetry): SEC_ERROR_EXPIRED_CERTIFICATE SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE SEC_ERROR_OCSP_FUTURE_RESPONSE SEC_ERROR_OCSP_OLD_RESPONSE MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE we would have the following article in place for this on sumo: https://support.mozilla.org/kb/troubleshoot-time-errors-secure-websites