X
Tap here to go to the mobile version of the site.

Support Forum

How to troubleshoot secure connection failed due to Error code: SEC_ERROR_OCSP_TRY_SERVER_LATER

Posted

I am trying to load https://www.thewomenshome.org/ I get the problem loading page, secure connection failed Error code: SEC_ERROR_OCSP_TRY_SERVER_LATER. It doesn't give me the option to hit advance and go to the site anyway. I can also reach the events page for this site but not the main home page.

I am trying to load https://www.thewomenshome.org/ I get the problem loading page, secure connection failed Error code: SEC_ERROR_OCSP_TRY_SERVER_LATER. It doesn't give me the option to hit advance and go to the site anyway. I can also reach the events page for this site but not the main home page.
Attached screenshots

Chosen solution

There is something wrong with the server's configuration. If you disable one of Firefox's OCSP-related features, you can access the page.

OCSP is a method to check whether a certificate has been revoked after issuance and before the certificate's normal expiration -- certificates are sometimes issued by mistake. In addition to the traditional method of reading the certificate and sending a request to the issuer, Firefox supports a method called "stapling" which allows the server to send a confirmation of validity itself. This saves a little time in checking the certificate because Firefox doesn't have to check with the issuer. But some sites do not work with stapling on due to a server configuration error.

As a temporary workaround, you can set Firefox not to use stapling:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste ocsp and pause while the list is filtered

(3) Double-click the security.ssl.enable_ocsp_stapling preference to switch it from true to false

You will need to reload the problem page (possibly bypassing the cache using Ctrl+Shift+r).

If you don't need to visit this site often, I suggest switching stapling back after this visit.

If you prefer to keep stapling enabled, you can visit the site in Google Chrome. Chrome doesn't do OCSP checks.

Read this answer in context 7

Additional System Details

Installed Plug-ins

  • Adobe PDF Plug-In For Firefox and Netscape 15.10.20056
  • The plugin allows you to have a better experience with Microsoft SharePoint
  • Shockwave Flash 21.0 r0

Application

  • Firefox 46.0
  • User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
  • Support URL: https://support.mozilla.org/1/firefox/46.0/WINNT/en-US/

Extensions

  • Firefox Hello 1.2.6 (loop@mozilla.org)
  • Multi-process staged rollout 1.0 (e10srollout@mozilla.org)
  • Pocket 1.0 (firefox@getpocket.com)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: Intel(R) HD Graphics 520
  • adapterDescription2:
  • adapterDeviceID: 0x1916
  • adapterDeviceID2:
  • adapterDrivers: igdumdim64 igd10iumd64 igd10iumd64 igd12umd64 igdumdim32 igd10iumd32 igd10iumd32 igd12umd32
  • adapterDrivers2:
  • adapterRAM: Unknown
  • adapterRAM2:
  • adapterSubsysID: 380017aa
  • adapterSubsysID2:
  • adapterVendorID: 0x8086
  • adapterVendorID2:
  • direct2DEnabled: True
  • directWriteEnabled: True
  • directWriteVersion: 10.0.10586.0
  • driverDate: 11-18-2015
  • driverDate2:
  • driverVersion: 20.19.15.4326
  • driverVersion2:
  • info: {u'AzureCanvasBackend': u'direct2d 1.1', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'direct2d 1.1', u'AzureSkiaAccelerated': 0}
  • isGPU2Active: False
  • numAcceleratedWindows: 2
  • numTotalWindows: 2
  • supportsHardwareH264: Yes
  • webglRenderer: Google Inc. -- ANGLE (Intel(R) HD Graphics 520 Direct3D11 vs_5_0 ps_5_0)
  • windowLayerManagerRemote: True
  • windowLayerManagerType: Direct3D 11

Modified Preferences

Misc

  • User JS: No
  • Accessibility: Yes
jscher2000
  • Top 10 Contributor
8513 solutions 69541 answers

Chosen Solution

There is something wrong with the server's configuration. If you disable one of Firefox's OCSP-related features, you can access the page.

OCSP is a method to check whether a certificate has been revoked after issuance and before the certificate's normal expiration -- certificates are sometimes issued by mistake. In addition to the traditional method of reading the certificate and sending a request to the issuer, Firefox supports a method called "stapling" which allows the server to send a confirmation of validity itself. This saves a little time in checking the certificate because Firefox doesn't have to check with the issuer. But some sites do not work with stapling on due to a server configuration error.

As a temporary workaround, you can set Firefox not to use stapling:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste ocsp and pause while the list is filtered

(3) Double-click the security.ssl.enable_ocsp_stapling preference to switch it from true to false

You will need to reload the problem page (possibly bypassing the cache using Ctrl+Shift+r).

If you don't need to visit this site often, I suggest switching stapling back after this visit.

If you prefer to keep stapling enabled, you can visit the site in Google Chrome. Chrome doesn't do OCSP checks.

There is something wrong with the server's configuration. If you disable one of Firefox's OCSP-related features, you can access the page. OCSP is a method to check whether a certificate has been revoked after issuance and before the certificate's normal expiration -- certificates are sometimes issued by mistake. In addition to the traditional method of reading the certificate and sending a request to the issuer, Firefox supports a method called "stapling" which allows the server to send a confirmation of validity itself. This saves a little time in checking the certificate because Firefox doesn't have to check with the issuer. But some sites do not work with stapling on due to a server configuration error. As a temporary workaround, you can set Firefox not to use stapling: (1) In a new tab, type or paste '''about:config''' in the address bar and press Enter/Return. Click the button promising to be careful. (2) In the search box above the list, type or paste '''ocsp''' and pause while the list is filtered (3) Double-click the '''security.ssl.enable_ocsp_stapling''' preference to switch it from true to false You will need to reload the problem page (possibly bypassing the cache using Ctrl+Shift+r). If you don't need to visit this site often, I suggest switching stapling back after this visit. If you prefer to keep stapling enabled, you can visit the site in Google Chrome. Chrome doesn't do OCSP checks.

Modified by jscher2000

Helpful Reply

Thanks for the quick help.

Thanks for the quick help.
cor-el
  • Top 10 Contributor
  • Moderator
17276 solutions 156148 answers
See also: *https://www.ssllabs.com/ssltest/analyze.html?d=www.thewomenshome.org