Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

SEC_ERROR_OCSP_INVALID_SIGNING_CERT

  • 23 replies
  • 225 have this problem
  • 8936 views
  • Last reply by cor-el

more options

Today we have started getting the following error when trying to access bing.com

Secure Connection Failed

An error occurred during a connection to www.bing.com. Invalid OCSP signing certificate in OCSP response. Error code: SEC_ERROR_OCSP_INVALID_SIGNING_CERT

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

What is strange is that this is happening (1) only in Firefox, and (2) only on some of our computers. We have a mixture of wired and wireless computers on our home network. I have checked computer times. Firefoxes are all running 53.0.3 on Windows 7. Setting security.ssl.enable_ocsp_stapling to false resolves the issue, but only while the setting is false.

Thanks for your help!

Chosen solution

There seems to be something wrong on some Microsoft servers. Hopefully they fix this quickly on affected servers.

This looks like a problem with OCSP stapling on the server because it works when I disable OCSP Stapling in Firefox.

You can temporarily toggle this pref to false on the about:config page to see if disabling OCSP Stapling works for you. It is best to reset this pref via the right-click context menu to true once you are done with the this website.

  • security.ssl.enable_ocsp_stapling = false
Read this answer in context 👍 23

All Replies (20)

more options

Chosen Solution

There seems to be something wrong on some Microsoft servers. Hopefully they fix this quickly on affected servers.

This looks like a problem with OCSP stapling on the server because it works when I disable OCSP Stapling in Firefox.

You can temporarily toggle this pref to false on the about:config page to see if disabling OCSP Stapling works for you. It is best to reset this pref via the right-click context menu to true once you are done with the this website.

  • security.ssl.enable_ocsp_stapling = false
more options

@cor-el So, you are experiencing the same issue? Thanks!

more options

Same with logging into mail.live.com Used to work fine. Now I need to search Internet, read threads, apply user unfriendly solutions..

A quicker and easier workaround: use Chrome, no problem. sorry to say...

=

Modified by ffw62

more options

Firefox is blocking my Outlook email account. SEC_ERROR_OCSP_INVALID_SIGNING_CERT So why? Outlook has been fine for many years, but now Firefox is only choosing to let us open sites that it wants us to. Sure, if this was a dodgy porn site or something then fine but not a basic and much used email site.

As previously noted, it works perfectly well using CHROME (which by and large is a much smoother browser) but as I prefer to use Firefox that's a bit of a pain.

So come on Firefox - act sensibly - grow up. Surely you have a simple answer to your overly robust action.

more options

The error window should at least offer a button to simply accept the URL as a safe one. After 'refresh' the site should then be opened in the same way as before.

Firefox should -not- come up with solutions that are basically meant for somewhat 'experienced users' only.

=

more options

Pour moi, un simple changement dans les paramètres réseau de Firefox à suffit en passant les préférences à "pas de proxy"

For me, a simple change in the network settings of Firefox is enough to pass preferences to 'no proxy'

more options

Ducky5164 said

Pour moi, un simple changement dans les paramètres réseau de Firefox à suffit en passant les préférences à "pas de proxy" For me, a simple change in the network settings of Firefox is enough to pass preferences to 'no proxy'

Thank you so much for letting us know   !

Merci beaucoup   !

more options

I tried the No Proxy trick and doesn't work for me. Cannot access my hotmail.

Has anyone found a solution?

more options

Snowbound1 said

I tried the No Proxy trick and doesn't work for me. Cannot access my hotmail. Has anyone found a solution?

Have you tried these methods yet   ?

If you want to, you can disable OCSP (which is a security mechanism) : 3-bar menu   (the three horizontal lines in the upper right corner, right under the closing X) => Advanced => Certificates panel


Another way to disable OCSP   (for now) : Type in the address bar   about:config   (press Enter) (promise to be careful, if asked) Type and look for the preference : security.ssl.enable_ocsp_stapling and set it's value to   false

It is best to reset this pref via the right-click context menu to   true  once you are done with this website.

more options

This is what I meant in my earlier post...

We are here to try and 'fix' things, i.e. to get things working again as before, things that developers of Firefox have 'broken'.

And automatically one ends up in settings, about configs, try this, try that... and all that kind of stuff. No disrespect, don't get me wrong.

But folks at Firefox should release a patch or something soonest possible.

more options

it's broken on microsoft's servers as they cache an expired ocsp response and serving that to firefox users - so a fix will have to come from them! https://twitter.com/vcsjones/status/869083883354148864

more options

ffw62 said

This is what I meant in my earlier post... We are here to try and 'fix' things, i.e. to get things working again as before, things that developers of Firefox have 'broken'. And automatically one ends up in settings, about configs, try this, try that... and all that kind of stuff. No disrespect, don't get me wrong. But folks at Firefox should release a patch or something soonest possible.

I'm only speaking for myself now, but : It makes me so sad to know that users always seem to think that Firefox is to blame for everything that goes wrong   ......

more options

Yes, I understand, but eh, you know, also speaking for myself, I am also sad .. because what had always going right with Firefox so far, now suddenly doesn't.

Also a bit sad as they 'push' to use Chrome, whereas I have been using FF for more than 12 years now.

I don't want to use Chrome, but recently I have been using it more and more, because Firefox failed and I don't want to spend time as to why it failed. I use Chrome then and when ready, I go back to Firefox.

more options

Thank you

more options

Happy112 said

ffw62 said
This is what I meant in my earlier post... We are here to try and 'fix' things, i.e. to get things working again as before, things that developers of Firefox have 'broken'. And automatically one ends up in settings, about configs, try this, try that... and all that kind of stuff. No disrespect, don't get me wrong. But folks at Firefox should release a patch or something soonest possible.

I'm only speaking for myself now, but : It makes me so sad to know that users always seem to think that Firefox is to blame for everything that goes wrong   ......

Wherever the real problem comes from, the fact is that we use Firefox and expect things to work properly thereafter. I'm no IT specialist, enthusiast or even just good at finding solutions - I'm just an internet user as many others are - the workings of my computer are for specialists to explore, not me. Therefore to me Firefox is the problem and they at least should be responsible for providing a solution.

more options

the problem lies with microsoft, whose servers in layman's terms send an expired assurance that their ssl certificate is still valid - unfortunately it turns out that firefox is the only browser checking for this on each secure https site it is loading (whereas other browsers glance over that and only check for https://en.wikipedia.org/wiki/Extended_Validation_Certificate).

Monkeys_uncle said

Therefore to me Firefox is the problem and they at least should be responsible for providing a solution.

we are doing everything that's within our power already - we are in contact with microsoft about this issue on all our available communication channels (it may not help that today is a holiday in the US) and we're explaining the issue including the workaround to all users seeking support here in the mozilla forum...

more options

A round of applause for Philipp, please   !!!

more options

Bing.com is back for me.

more options

This issue was fixed by Microsoft within a few hours after posting the solution here.

To anyone “blaming” Firefox for the consequences (not to say “issue”, since we now know what caused it):

Imagine a customer’s debit card from bank X suddenly stops working for some reason, whereas those of other banks still work. This customer calls their bank and gets to speak to someone within no-time. The customer starts expressing their anger and frustration, feeling strengthened by the fact all other banks “have no issue” and “the bank’s card has been working for years”. All the employee on the phone can say is the bank takes security very seriously, while explaining the real cause and offering a temporary workaround, so the customer is quickly able to do what they want AND able to reverse the workaround when no longer needed.

How would the customer feel when the next or even same day, it turns out a worldwide issue / hacking attempt occurred, affecting many customers from several other banks seeing their account balance go down? Would they still be mad at their bank, or feel comfortable being a customer there instead?

A nice example of some people preferring ease over security while the (2 or more) real “vulnerable” parties are exposed, if you ask me. Not intended to bash other browser manufacturers, but at least something to think about.

Modified by Tonnes

more options

@Tonnes :

A million kudos   !!!

  1. 1
  2. 2